[Perc] Question on diet Design?
Eric Rescorla <ekr@rtfm.com> Tue, 21 March 2017 21:49 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EB3A1294AA for <perc@ietfa.amsl.com>; Tue, 21 Mar 2017 14:49:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PYaqj20tDL_S for <perc@ietfa.amsl.com>; Tue, 21 Mar 2017 14:49:24 -0700 (PDT)
Received: from mail-ot0-x22a.google.com (mail-ot0-x22a.google.com [IPv6:2607:f8b0:4003:c0f::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F03411293E3 for <perc@ietf.org>; Tue, 21 Mar 2017 14:49:23 -0700 (PDT)
Received: by mail-ot0-x22a.google.com with SMTP id o24so159771833otb.1 for <perc@ietf.org>; Tue, 21 Mar 2017 14:49:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=Cob1JTigRvkmKzrwBUkd5/yxQY7GC+lnaaKbLh/460Q=; b=ok2Au4+FQl5jQB5XsDmgOan6jXPt/0Hqvz1T/yGk+EBcc9ubyIBx6qNhVk11mzbeEr ksUfqYsnVhsrlvn2TcHEv4jjKuJQgkg/wGLpfF5rHv1EM0laimoAA6GmOJ6Agxdufhj3 TOFuHWcjC8JqbV5zwOX/uxJMH7wzTQbA9bBbO4YVUbVUeP4N3EUV1Bv7iG1mZdabxrXw AEXckWoMM83s1AQV/yYz07F5Kp8mWmvM4NnVkdI2dDvErEGIQuABk8EJstukZ0o0XEFM fXEgoqAFdPLclrscmcy3dqWKEK+5R6TYSkA3Dwq/ENLdrAiRAn3lOLkkl9uIT0+CGjEv 5BIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Cob1JTigRvkmKzrwBUkd5/yxQY7GC+lnaaKbLh/460Q=; b=RlgbRtkJE4e8JDknkXNkd+VCR/Ll3m21M1T2NX0iWSkYwhWgeAvhS8c1qe3atpC9fD F2KhKFZtPR9tLZwTtIdgPbc18pI4SKSNV3Q3FX4TfzczGup6xH8gN1AlpgpGWzRRqeqJ yb4lwnM/bQhdI7SqPrRQSHE8c//OFLSdZLLcE+PpEBg3+5kg6GmZibkKgfc+awEP2kOL QZU2Tcv7meSeKs1OxAKcrnsl0tHw4vSacFNL90dRSw4cAqhqBZlz84NCRrorKGZhqeEr Ym9Qrv0AdoSp8QTS2p8fJO9UOVQ2aDWHc8SZMc8qHyCAJIWYpErOVOfP+wL7qGtVfwh/ 7gSg==
X-Gm-Message-State: AFeK/H2f4hul2mWnDq6eHHGIbJopUXavPX3Xr8Jz0l1IAUbOfJuwxZSiA/SVQ3z+We9MuTXE5+k69pOQgkoSjQ==
X-Received: by 10.157.39.6 with SMTP id r6mr18936300ota.45.1490132963131; Tue, 21 Mar 2017 14:49:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.154.210 with HTTP; Tue, 21 Mar 2017 14:48:17 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 21 Mar 2017 14:48:17 -0700
Message-ID: <CABcZeBPbFJYyCBUGhtryn1Z6W9feLUiS-sVB+HM7UUUR3-ZbQg@mail.gmail.com>
To: perc@ietf.org
Content-Type: multipart/alternative; boundary="001a113ad16aef965a054b449d14"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/Aiqju1x6nEqe8fxeqGR2n4OHHHM>
Subject: [Perc] Question on diet Design?
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 21:49:25 -0000
I've read this document and I'm finding it hard to understand the basic design. Ignoring all the details, we have a node i which connects to the Key Distributor (KD), and we want to establish a shared key for each node i = 0, 1, ... n (this is just to establish E2E keys. I'm ignoring HBH keys for now). So, as I read it, the system works like this. - Node i connects to KD and establishes a DTLS connection which establishes a pairwise key K_d_i. - The KD then generates a fresh EKT key K_e_i and sends it to i encrypted under K_d_i. - The KD then generates a shared group key K_g and sends it individually to all i in SRTP/EKT encrypted under K_e_i. Is that correct so far? If so, my question is why you need K_e_i? You have already established a shared secret via the DTLS connection and you can make as many fresh pairwise encryption keys as you want from that, so why do you need to make a new encryption key K_e_i and send it from KD to i? -Ekr
- [Perc] Question on diet Design? Eric Rescorla
- Re: [Perc] Question on diet Design? Paul E. Jones
- Re: [Perc] Question on diet Design? Eric Rescorla
- Re: [Perc] Question on diet Design? Paul E. Jones
- Re: [Perc] Question on diet Design? Eric Rescorla
- Re: [Perc] Question on diet Design? Paul E. Jones
- Re: [Perc] Question on diet Design? Eric Rescorla
- Re: [Perc] Question on diet Design? Paul E. Jones
- Re: [Perc] Question on diet Design? Eric Rescorla
- Re: [Perc] Question on diet Design? Paul E. Jones
- Re: [Perc] Question on diet Design? Eric Rescorla
- Re: [Perc] Question on diet Design? Cullen Jennings