New authentication protocol, was Re: Tinc's response to "Linux's answer to MS-PPTP"

Derek Atkins derek at ihtfp.com
Wed Oct 1 13:10:04 EDT 2003


Guus Sliepen <guus at sliepen.eu.org> writes:

> Compared with the entire TLS protocol it is much simpler, compared with
> just the handshake protocol it is about as simple and probably just as
> efficient, but as I said earlier, I want to get rid of the client/server
> distinction.

You can't get rid of the distinction.  You will always have a "client"
and a "server" -- however you may just rename it "Initiator" and
"Responder" to make it sound more peer-like, but it's just the same
emperor in different clothes.  The only real distinction between a
_pure_ client-server protocol and a peer-to-peer protocol is that the
latter is generally reversible where the former is not.  By
"reversible" I mean that either party could be the initiator and
either could be the responder.

HOWEVER, during the run of a protocol it behooves you to label the
parties, and "client/server" is just as valid a naming as
"initiator/responder".  IPsec (IKE) is clearly peer/peer.  Even with
TLS the protocol is reversible if you perform the name mappings and
assume both ends have certificates.

So, I urge you to be careful with trying to get rid of a distinction
that really has little meaning in most protocols.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
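The "reversible" distinction in the post above, as an added example that is not part of the original message and not tinc's or TLS's actual protocol: a toy challenge/response handshake over pre-shared HMAC keys (standing in for certificates), using only the Python standard library. Party names, keys and the `run_handshake` function are constructed here for illustration. The same code runs with the roles swapped; it succeeds in both directions exactly when both ends hold a credential, and a one-way (pure client/server) run fails when the credential-less side is asked to be the responder.

```python
import hashlib
import hmac
import secrets


class Party:
    """A protocol participant. own_key is the long-term secret it can prove
    possession of (None for an anonymous party); peer_keys maps the names of
    parties it can verify to their long-term secrets. Constructed for this
    example; a real deployment would use certificates, not pre-shared keys."""

    def __init__(self, name, own_key, peer_keys):
        self.name = name
        self.own_key = own_key
        self.peer_keys = dict(peer_keys)


def prf(key, *parts):
    """HMAC-SHA256 over the length-separated parts; used both for proofs and
    for session-key derivation."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def run_handshake(initiator, responder, mutual=True):
    """Run the toy handshake with the given role assignment.

    Returns (ok, session_key). With mutual=True both sides prove possession of
    their long-term key; with mutual=False only the responder does, which is
    the pure client/server shape (TLS without client certificates)."""
    ini = initiator.name.encode()
    res = responder.name.encode()

    # Message 1, initiator -> responder: its name and a fresh nonce.
    n_i = secrets.token_bytes(16)

    # Message 2, responder -> initiator: name, nonce, proof over both nonces.
    if responder.own_key is None:
        return False, None  # an anonymous party cannot play the responder
    n_r = secrets.token_bytes(16)
    proof_r = prf(responder.own_key, b"responder", ini, n_i, n_r)

    # Initiator verifies the proof against the key it holds for that name.
    k_r = initiator.peer_keys.get(responder.name)
    if k_r is None or not hmac.compare_digest(
        prf(k_r, b"responder", ini, n_i, n_r), proof_r
    ):
        return False, None

    if mutual:
        # Message 3, initiator -> responder: the initiator's own proof.
        if initiator.own_key is None:
            return False, None  # anonymous initiator cannot authenticate
        proof_i = prf(initiator.own_key, b"initiator", res, n_i, n_r)
        k_i = responder.peer_keys.get(initiator.name)
        if k_i is None or not hmac.compare_digest(
            prf(k_i, b"initiator", res, n_i, n_r), proof_i
        ):
            return False, None

    # Each side derives the session key independently from the responder's
    # long-term key and both nonces; they must agree.
    sk_initiator = prf(k_r, b"session", n_i, n_r)
    sk_responder = prf(responder.own_key, b"session", n_i, n_r)
    if not hmac.compare_digest(sk_initiator, sk_responder):
        return False, None
    return True, sk_initiator


def is_reversible(a, b, mutual=True):
    """True when the handshake succeeds with either party as initiator."""
    return run_handshake(a, b, mutual)[0] and run_handshake(b, a, mutual)[0]


# Constructed sample parties.
K_ALICE = hashlib.sha256(b"alice-long-term-secret").digest()
K_BOB = hashlib.sha256(b"bob-long-term-secret").digest()
K_SERVER = hashlib.sha256(b"server-long-term-secret").digest()

# Peer-to-peer: both ends hold a credential and know the other's.
ALICE = Party("alice", K_ALICE, {"bob": K_BOB})
BOB = Party("bob", K_BOB, {"alice": K_ALICE})

# Pure client/server: the client is anonymous, the server is not.
CLIENT = Party("client", None, {"server": K_SERVER})
SERVER = Party("server", K_SERVER, {})

if __name__ == "__main__":
    print("alice/bob reversible:", is_reversible(ALICE, BOB))
    print("client->server one-way:", run_handshake(CLIENT, SERVER, mutual=False)[0])
    print("server->client one-way:", run_handshake(SERVER, CLIENT, mutual=False)[0])
    print("client/server mutual:", run_handshake(CLIENT, SERVER, mutual=True)[0])
```

The labels "initiator" and "responder" are bound to the two messages, not to the parties: `run_handshake(ALICE, BOB)` and `run_handshake(BOB, ALICE)` are the same protocol with the names mapped, which is the reversibility the post describes. The client/server pair is the same code; it is only non-reversible because one end has nothing to prove.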

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com