[Cryptography] What is a secure conversation? (Was: online forums...)

Natanael natanael.l at gmail.com
Sat Dec 28 16:53:39 EST 2013


On 28 Dec 2013 22:28, "Jerry Leichter" <leichter at lrw.com> wrote:
>
> On Dec 28, 2013, at 11:49 AM, Phillip Hallam-Baker wrote:
>>
>> ...At some point it is going to be easier to design one protocol that
>> supports all the different messaging modes with security built in rather
>> than working out how to back-fit security into each legacy protocol
>> separately....
>
> Except that there is a line at synchronous vs. asynchronous communication
> that divides mechanisms with fundamentally different characteristics.
> Synchronous communication can have perfect forward security; asynchronous
> communications cannot.
>
> This division bothers me.  It seems to me there's something missing in
> our descriptions so that we fail to capture the nature of this distinction.
> It feels as if there should be a continuum here, where you get full PFS
> for communications with an arbitrarily short lifetime, degenerating into
> the usual more limited guarantees for things that are stored long term.
> And I suppose you could come up with a simple theory along that line,
> where you need to retain keying material only as long as some message isn't
> delivered.  But this seems very forced and unnatural.  I think we're
> missing something.
>
>                                                         -- Jerry

Moxie is trying to fix that. Have you seen the "axolotl" ratcheting scheme
(not sure on the spelling) that he and another guy developed, with the
intent to establish PFS-like security for asynchronous communication? I'd
say it's something more like a very long latency version of regular PFS.
The session keys become short-term secrets instead.
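
As an added illustration (not part of the original message, and not the Axolotl protocol itself): a minimal one-way symmetric hash ratchet showing the trade-off discussed in this thread, where a message key has to be retained only while its message is still undelivered. The class, function names, KDF labels and root secret are constructed for this example.

```python
import hashlib
import hmac


def kdf(chain_key: bytes, label: bytes) -> bytes:
    # One-way step: the output does not reveal the chain key it came from.
    return hmac.new(chain_key, label, hashlib.sha256).digest()


class Ratchet:
    """One direction of a simplified symmetric hash ratchet (assumed design)."""

    def __init__(self, root: bytes):
        self.chain_key = root
        self.index = 0      # number of the next message key to derive
        self.pending = {}   # keys kept only for messages not yet delivered

    def _step(self) -> bytes:
        msg_key = kdf(self.chain_key, b"msg")
        self.chain_key = kdf(self.chain_key, b"chain")  # previous chain key is dropped
        self.index += 1
        return msg_key

    def next_send_key(self):
        n = self.index
        return n, self._step()

    def key_for(self, n: int) -> bytes:
        """Receiver side: return the key for message n exactly once."""
        while self.index <= n:
            i = self.index
            self.pending[i] = self._step()
        # pop() deletes the key on delivery; a second request raises KeyError
        return self.pending.pop(n)


def demo():
    root = b"constructed shared secret"  # sample value made up for this example
    sender, receiver = Ratchet(root), Ratchet(root)
    sent = [sender.next_send_key()[1] for _ in range(3)]  # messages 0, 1, 2
    got2 = receiver.key_for(2)  # message 2 arrives first (asynchronous delivery)
    got0 = receiver.key_for(0)  # message 0 arrives later; message 1 never does
    return sent, got0, got2, receiver


if __name__ == "__main__":
    sent, got0, got2, receiver = demo()
    print("keys still held by receiver:", sorted(receiver.pending))
```

After `demo()`, a copy of the receiver's state yields only the key for undelivered message 1 and keys for future messages; the keys for delivered messages 0 and 2 are gone and cannot be re-derived from the current chain key.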