tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd and remote keys

On Mon, Dec 31, 2007 at 05:59:04PM -0500, Greg Troxel wrote:
 >   Yeah, I was originally thinking in terms of SSL, for which one does
 >   (AFAIK) need curl or something of the sort, then designed it out.
 >   Woops.
 > I think the solution should provide perfect forward secrecy, so that
 > passively tapping the net ahead of time together with the assumed
 > physical possession doesn't get the attacker the key.  That was why I
 > suggested IPsec, although I should have explained why

Right, hence the bit about nonces that I alluded to.

David A. Holland

Home | Main Index | Thread Index | Old Index