1994-07-08 - Re: Question: Key Distr. in realtimeo applications?

Header Data

From: Ian Farquhar <ifarqhar@laurel.ocs.mq.edu.au>
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Message Hash: 7bffba65ff546558313363de7d10eec0ebddb257634a8260bcbe6740720c53b5
Message ID: <199407080200.AA10330@laurel.ocs.mq.edu.au>
Reply To: <199407080132.VAA14746@cs.oberlin.edu>
UTC Datetime: 1994-07-08 02:03:08 UTC
Raw Date: Thu, 7 Jul 94 19:03:08 PDT

Raw message

From: Ian Farquhar <ifarqhar@laurel.ocs.mq.edu.au>
Date: Thu, 7 Jul 94 19:03:08 PDT
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: Question: Key Distr. in realtimeo applications?
In-Reply-To: <199407080132.VAA14746@cs.oberlin.edu>
Message-ID: <199407080200.AA10330@laurel.ocs.mq.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


>How does clipper solve this problem? 

It does not.  The Clipper initative (FIPS-185) deals solely with the
specification of a symmetric cipher with escrowed keys.  Key exchange
and authentication is outside the scope of the protocol, but most
implementations would probably use something like a D-H key exchange
to do it (remember that a Clipperphone guarantees privacy between yourself
and the person on the other end, but does NOT authenticate them to you
or you to them.  Man in the middle attacks are obviously possible,
depending on the key exchange protocol that your Clipperphones employ.)

						Ian.




Thread