1994-02-06 - Some stuff about Diffie-Hellman (and more :-)

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 9410571a01d302369327b550d202cd178d40692cee6979403a09641062fc5ea8
Message ID: <9402061151.AA19462@ah.com>
Reply To: <9402060811.AA24965@acacia.itd.uts.EDU.AU>
UTC Datetime: 1994-02-06 11:55:55 UTC
Raw Date: Sun, 6 Feb 94 03:55:55 PST

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Sun, 6 Feb 94 03:55:55 PST
To: cypherpunks@toad.com
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <9402060811.AA24965@acacia.itd.uts.EDU.AU>
Message-ID: <9402061151.AA19462@ah.com>
MIME-Version: 1.0
Content-Type: text/plain


>Anyway, the upshot is 
>that a Station To Station protocol is developed and discussed which is 
>based on the original D-H system. 

The STS protocol is a regular D-H followed by a (delicately designed)
exchange of signatures on the key exchange parameters.  The signatures
in the second exchange are such that they can't be separated from the
original parameters.

>Damn, I don't have the paper with me,
>so I'm not sure whether third party certification is needed.

There is a digital signature required, so what is at root required is
a trusted public key of the other party.  One can use a certificate to
establish this trust and transmit it at session time, but any other
method of communicating a public key will work, including a trusted web
of trust or direct previous transmission.

STS is a well-thought-out protocol, with many subtleties already
arranged for.  For the issue at hand, though, which is Ethernet
sniffing, its authentication aspects are not required now, even
though they certainly will be in the near future.

Eric
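
An added illustration of the exchange described in the message above, not code from the message or from the STS authors: a regular D-H, then signatures over both exponentials, each sent under the fresh session key as in the published STS design. Assumptions: the group 2^521-1 with g=3, textbook RSA over small Mersenne primes, the XOR mask standing in for the cipher, and all function names are hypothetical stand-ins chosen to run on the standard library alone; none are secure parameters.

```python
import hashlib, secrets

P, G, E = 2**521 - 1, 3, 65537   # toy DH group (Mersenne prime) and RSA exponent

def keypair(p, q):               # toy textbook RSA; returns (modulus, private exp)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(first, second, n):    # hash of BOTH exponentials, order matters
    data = first.to_bytes(66, "big") + second.to_bytes(66, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(first, second, n, d):
    return pow(digest(first, second, n), d, n)

def verify(sig, first, second, n):
    return pow(sig, E, n) == digest(first, second, n)

def mask(value, k, tag):         # stand-in for E_K: XOR with SHA-256(K || tag)
    pad = hashlib.sha256(k.to_bytes(66, "big") + tag).digest()
    return value ^ int.from_bytes(pad, "big")

A_N, A_D = keypair(2**89 - 1, 2**107 - 1)   # Alice's long-term signing key
B_N, B_D = keypair(2**61 - 1, 2**127 - 1)   # Bob's long-term signing key

def sts_run(altered_in_transit=False):
    """Run one exchange; True only if both sides verify and share one key."""
    x = secrets.randbelow(P - 3) + 2
    gx = pow(G, x, P)                                    # msg 1, A -> B: g^x
    gx_at_bob = pow(G, 7, P) if altered_in_transit else gx
    y = secrets.randbelow(P - 3) + 2
    gy = pow(G, y, P)
    k_bob = pow(gx_at_bob, y, P)
    # msg 2, B -> A: g^y, E_K(Sig_B(g^y, g^x))
    msg2 = mask(sign(gy, gx_at_bob, B_N, B_D), k_bob, b"B")
    k_alice = pow(gy, x, P)
    if not verify(mask(msg2, k_alice, b"B"), gy, gx, B_N):
        return False                                     # Alice aborts
    # msg 3, A -> B: E_K(Sig_A(g^x, g^y))
    msg3 = mask(sign(gx, gy, A_N, A_D), k_alice, b"A")
    if not verify(mask(msg3, k_bob, b"A"), gx_at_bob, gy, A_N):
        return False                                     # Bob aborts
    return k_alice == k_bob

if __name__ == "__main__":
    print("honest run accepted:", sts_run())
    print("altered g^x accepted:", sts_run(altered_in_transit=True))
```

Because each signature covers the pair of exponentials the signer actually saw, a value changed on the wire makes the peer's check fail instead of yielding a key shared with someone else.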




