Re: [perpass] relevant LISP discussion
Nick Thomas <nick@lupine.me.uk> Wed, 21 August 2013 18:02 UTC
Return-Path: <nick@lupine.me.uk>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D12DC11E83D0 for <perpass@ietfa.amsl.com>; Wed, 21 Aug 2013 11:02:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id geU5-e-gxV13 for <perpass@ietfa.amsl.com>; Wed, 21 Aug 2013 11:02:32 -0700 (PDT)
Received: from oak.forest.a5775.uk0.bigv.io (lupine.me.uk [IPv6:2001:41c8:51:8:feff:ff:fe01:101]) by ietfa.amsl.com (Postfix) with ESMTP id 02CD711E83A6 for <perpass@ietf.org>; Wed, 21 Aug 2013 11:02:31 -0700 (PDT)
Received: from [213.138.102.178] by oak.forest.a5775.uk0.bigv.io with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <nick@lupine.me.uk>) id 1VCCjl-0002nD-Hr; Wed, 21 Aug 2013 19:02:29 +0100
Message-ID: <521500B4.7040107@lupine.me.uk>
Date: Wed, 21 Aug 2013 19:02:28 +0100
From: Nick Thomas <nick@lupine.me.uk>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130704 Icedove/17.0.7
MIME-Version: 1.0
To: perpass@ietf.org
References: <5214E525.7020702@cs.tcd.ie> <5214F25D.6070707@bbn.com>
In-Reply-To: <5214F25D.6070707@bbn.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] relevant LISP discussion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2013 18:02:45 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Stephen, On 21/08/13 18:01, Stephen Kent wrote: > I might be more impressed if the sender of the message understood that > one does not use > EC(DH) to encrypt/decrypt anything! Thanks for the input. I am cryptographically naive, yes. The intention here isn't to impress anyone; but to hammer out something that might actually work in the real world. So the contention is that sha256( ecdh( public, private ) ) is not an appropriate to use as the secret key for a symmetric block cipher like aes256... in general? Only for long-lived keys? What happens if peers change those keys daily, or every T/G/MB? Or should I just forget about that, and use the ecdh shared secret to encrypt a separate private key... for each packet? On a certain timescale? When I first came up with the idea, a L/ISP control plane wasn't part of it, so I tried to avoid anything with even a whiff of session establishment. /Nick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iF4EAREIAAYFAlIVALIACgkQREz3uGI6tdy+7gD8DAuR+Ww9fQyShzdTsAB/dNl/ eoeeADWbS/paKuwBPbIA/RbC5h5XAaPFci+kME+GU/9oHAaRVYgPdrbhYm+buvhj =TRHk -----END PGP SIGNATURE-----
- [perpass] relevant LISP discussion Stephen Farrell
- Re: [perpass] relevant LISP discussion Stephen Kent
- Re: [perpass] relevant LISP discussion Stephen Farrell
- Re: [perpass] relevant LISP discussion Nick Thomas
- Re: [perpass] relevant LISP discussion Nick Thomas
- Re: [perpass] relevant LISP discussion Stephen Kent