New authentication protocol, was Re: Tinc's response to "Linux's answer to MS-PPTP"

Guus Sliepen guus at sliepen.eu.org
Mon Sep 29 12:59:46 EDT 2003


On Mon, Sep 29, 2003 at 09:35:56AM -0700, Eric Rescorla wrote:

> Was there any technical reason why the existing cryptographic
> skeletons wouldn't have been just as good?

Well, all existing authentication schemes do what they are supposed to do,
that's not the problem. We just want one that is as simple as possible
(so we can understand it better and implement it more easily), and which
is efficient (both speed and bandwidth).

> > And I just ripped TLS from the list.
> 
> Define "ripped". This certainly is not the same as TLS.

Used as a skeleton. Don't ask me to define that as well.

> > Several people on this list have already demonstrated that they are very
> > willing to analyse new protocols.
> 
> Actually, no. People are willing to take a quick look and
> then shoot bullets at your protocol.

True. I've already heard Peter Gutmann's writeup being described as
"drive-by shooting" :).

> That's not the same as doing a thorough analysis, which can take
> years, as Steve Bellovin has pointed out about Needham-Schroeder.

True, but we can learn even from the bullet holes.

> Look, there's nothing wrong with trying to invent new protocols,
> especially as a learning experience. What I'm trying to figure
> out is why you would put them in a piece of software rather 
> than using one that has undergone substantial analysis unless
> your new protocol has some actual advantages. Does it?

We're trying to find that out. If we figure out it doesn't, we'll use
one of the standard protocols. We also do not know every existing
protocol, maybe we'll find one we are happy with. I'm currently decoding
RFC 2409 and trying to look if one of IKE's modes of operation does what
we want.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>