[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Hipsec] Thoughts on crypto agility

To: Robert Moskowitz <rgm at htt-consult.com>
Subject: Re: [Hipsec] Thoughts on crypto agility
From: Miika Komu <miika.komu at hiit.fi>
Date: Tue, 11 Aug 2009 22:33:12 +0300
Cc: hipsec at ietf.org
Delivered-to: hipsec at core3.amsl.com
In-reply-to: <4A818FE7.1030705 at htt-consult.com>
List-archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-help: <mailto:hipsec-request@ietf.org?subject=help>
List-id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-post: <mailto:hipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
References: <E4E75C73-3A73-4EC8-8A8E-2262B669EA8A at cs.rwth-aachen.de> <4A818FE7.1030705 at htt-consult.com>
Reply-to: miika.komu at hiit.fi
User-agent: Thunderbird 2.0.0.22 (X11/20090608)

Robert Moskowitz wrote:

Negotiation of Diffie-Hellman algorithm must be started already in the
I1 message to avoid overly large R1 packets filled with different D-H
parameters. This introduces the possibility for a man-in-the-middle
attack where the attacker mounts a downgrade attack on the Initiator and
Responder. The attacker can alter the I1 because it is unprotected. Thus,
the attacker can cause the Responder to offer unnecessarily too weak
algorithms or key lengths in R1 and.


For some reason, I read that "and." and am looking for some more text...


...enforce the parties to use unnecessarily too weak crypto.

References:
- [Hipsec] Thoughts on crypto agility
  - From: Robert Moskowitz

Prev by Date: [Hipsec] Thoughts on crypto agility
Next by Date: Re: [Hipsec] Building the first list of to Standards changes
Previous by thread: [Hipsec] Thoughts on crypto agility
Index(es):
- Date
- Thread