From: Dan Lukes <dan@obluda.cz>
To: freebsd-security@freebsd.org
Subject: Re: ESP + IPFW
Date: Sun, 10 Mar 2002 17:03:01 +0100
Message-ID: <3C8B83B5.3FC952F7@obluda.cz>
References: <20020308171818.G2192-100000@walter>

Jason Stone wrote:
> > So, from paranoid point of view - yes, it is more secure to use
> > IKE and rotate the keys.
>
> Uh, doesn't IKE use public keys to share symmetric keys? Doesn't that
> imply that if you crack the private keys, you can then go back and decrypt
> the symmetric key exchange and finally decrypt the traffic?

As far as I know, no, but I'm not sure, of course.

IKE uses Diffie-Hellman handshaking to establish the IKE transport symmetric keys. Those one-time DH keys cover the IKE communication, including the IPsec symmetric key exchange. The asymmetric key is used for authentication purposes only, over the channel encrypted with the DH keys. So your compromised private key allows you to establish and authenticate a new connection, but it doesn't help you decrypt previously captured communication, because the DH key for the captured session remains unknown (DH keys exist only during a specific session and are not stored anywhere).
Compromise of the private key doesn't allow you to decrypt new connections originated by someone else (although you can be a man-in-the-middle).

> Isn't this why people expire their PGP keys and SSL CA's encourage
> you to expire your ssl keys?

AFAIK, no. I know nothing about the details of PGP communication, so I can only imagine. PGP is designed for off-line (email) communication, where establishing a one-time "session" key isn't possible. IMHO, PGP encrypts the message with a random symmetric key, then encrypts the symmetric key with the asymmetric key, then sends the message. Yes, compromising the asymmetric key compromises all messages in that scenario.

> So it would seem to me that failing to expire your symmetric keys is not
> so different from failing to expire your public keys

True. Note, in the "normal case" you encrypt a huge amount of data with a symmetric key for every byte encrypted with an asymmetric key, so a symmetric key should be changed more often (in terms of 'time') than an asymmetric key.

> and that this is a
> key management issue and doesn't affect the security of the system
> directly.

Well, the average validity period of an X.509 certificate (one year) is rather a business decision than a security decision. The validity of the CA certificate itself is from 5 to 30 years and it is still counted secure, but the CA key is used a few times every year and it encrypts only a few bytes during its period of validity. The secure period of validity of a key (symmetric or asymmetric) isn't based on the length and type of the key itself only, but (and not only) on its usage also. It's not a key management issue only.

True, trust me ... ;-)

Dan
--
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz
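As an added illustration (not part of Dan's post or of any IKE or PGP implementation), the contrast he draws modelled in Python: a PGP-style exchange, where the recipient's long-term key is used to derive the message key, beside an IKE-style exchange, where both DH exponents are one-time and the long-term key only authenticates. The group (prime 2^127-1, generator 2) and all function names are constructed for illustration; the group is far too small for real use, and authentication is reduced to a placeholder field.

```python
import hashlib
import secrets

# Toy DH group, constructed for illustration only: 2^127-1 is a Mersenne prime.
P = (1 << 127) - 1
G = 2


def keypair():
    """Random private exponent and its public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def kdf(shared_secret):
    """Derive a session key from the DH shared secret."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).hexdigest()


def pgp_style_exchange(recipient_static_pub):
    """Off-line (PGP-like) case: the sender picks a one-time exponent r, but the
    recipient contributes its long-term key, so the session key is g^(r*static)."""
    r, R = keypair()
    session_key = kdf(pow(recipient_static_pub, r, P))
    transcript = {"sender_ephemeral_pub": R}  # what an eavesdropper records
    return session_key, transcript


def ike_style_exchange():
    """IKE-like case: both sides use one-time exponents a and b; the long-term
    key only authenticates the public values (abstracted to a placeholder)."""
    a, A = keypair()
    b, B = keypair()
    session_key = kdf(pow(B, a, P))
    transcript = {"A": A, "B": B, "auth": "signature-over-A-and-B"}
    return session_key, transcript  # a and b are discarded with the session


def recover_from_leak(transcript, leaked_static_priv):
    """What a recorded transcript yields once the long-term private key leaks."""
    if "sender_ephemeral_pub" in transcript:
        # Static DH: the leaked exponent and the recorded g^r give g^(r*static).
        return kdf(pow(transcript["sender_ephemeral_pub"], leaked_static_priv, P))
    # Ephemeral DH: g^a and g^b alone do not give g^ab; the exponents are gone.
    return None
```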