refactoring crypto handshakes (SSL in 3 easy steps)
James A. Donald
jamesd at echeque.com
Tue Nov 13 15:55:54 EST 2007
travis+ml-cryptography at subspacefield.org wrote:
>> Three messages is the proven minimum for mutual authentication. Last
>> two messages all depend on the previous message, so minimum handshake
>> time is 1.5 RTTs.
Nicolas Williams wrote:
> Kerberos V manages in one round-trip. And it could do one round-trip
> without a replay cache if it used ephemeral-ephemeral DH to exchange
> sub-session keys. (OTOH, high performance, secure replay caches are
> difficult to implement, ultimately being limited by the number of write
> to persistent storage ops that the system can manage.)
Authentication is establishing a shared secret. The fact that a secret,
once established, may then be used frequently, does not make the cost of
authentication any the less.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list