From: Stephane Bortzmeyer <bortzmeyer@cnam.fr>
To: Tatu Ylonen <ylo@cs.hut.fi>
Message Hash: 4a896fb290e116eca61dbf727f1520c910d1683db19ef05337e784d20b10fd56
Message ID: <199507310737.JAA06792@cnam.fr>
Reply To: <199507231145.OAA04620@shadows.cs.hut.fi>
UTC Datetime: 1995-07-31 07:38:17 UTC
Raw Date: Mon, 31 Jul 95 00:38:17 PDT
Subject: Re: ssh protocol
MIME-Version: 1.0
Content-Type: text/plain
On Sunday 23 July 95, at 14 h 45, the keyboard of Tatu Ylonen <ylo@cs.hut.fi> wrote:
> People have also suggested using the Photuris protocol that is part of
> the IP Security work being done at IETF
> (ftp://www.cnri.reston.va.us/internet-drafts/draft-ietf-ipsec-photuris-02.txt).
>
> The basic idea behind the protocol goes roughly like this:
> 1. Exchange session keys using Diffie-Hellman
> 2. Each side sends a signature of the Diffie-Hellman exchange (the
> signature can be with any of a number of algorithms; RSA and
> Elliptic Curve systems have been defined).
>
> If this were adapted to ssh, the protocol would look roughly like
> this:
> 1. Exchange session keys using Diffie-Hellman
> 2. Each side sends a signature of the Diffie-Hellman exchange by its
> host key
> 3. RSA and Rhosts authentication requests would include a signature
> by the requesting key.
>
> This would get rid of the server key and the need to regenerate it,
> because the Diffie-Hellman exchange already prevents decrypting old
> conversations. The challenge-dialogs could be avoided (unless they
> are needed for performance reasons to avoid unnecessary signature
> computations).
>
> One could also eliminate RSA in future and start using some other
> public key cryptosystem if desired. The Diffie-Hellman patent and the
> generic public key patent expire in 1997; the RSA patent does not
> expire until about year 2000.
>
> Anyway, this would be a major change that probably cannot easily be
> made compatibly. Maybe an incompatible ssh-2.x? Anyway, I don't want
> to rush into making major changes in the protocol.
>
> I would very much like to hear comments on this approach.
>
> Tatu
Stephane Bortzmeyer
bortzmeyer@cnam.fr
tel: +33 (1) 40 27 27 31
fax: +33 (1) 40 27 27 72
Conservatoire National des Arts et Metiers, Laboratoire d'Informatique
292, rue Saint-Martin, 75141 Paris Cedex 03, France
"It is at night that it is beautiful to believe in the light." E. Rostand
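The signed Diffie-Hellman exchange sketched in the quoted message, worked through as an added example (this is not code from either correspondent or from ssh itself). It assumes toy group parameters P and G chosen for readability, uses Schnorr signatures over the same group as a stand-in for the RSA/EC signature options the draft mentions, and the names keygen, sign, verify and handshake are hypothetical.

```python
"""Toy signed Diffie-Hellman: (1) trade DH values, (2) each side signs the
transcript with its long-term host key and the peer verifies it.  P and G are
CONSTRUCTED toy parameters; a real implementation uses a standard large group."""
import hashlib
import secrets

P = 2**127 - 1      # toy modulus (a Mersenne prime), far too small for real use
G = 3               # toy generator
ORDER = P - 1       # exponents reduce mod p-1, so g^s * y^e == g^k (Fermat)

def h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def i2b(n: int) -> bytes:
    return n.to_bytes(16, "big")       # every value here is below 2**127

def keygen():
    """Private exponent and public value; used for host keys and ephemeral DH."""
    x = secrets.randbelow(ORDER - 2) + 2
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    k = secrets.randbelow(ORDER - 2) + 2
    r = pow(G, k, P)
    e = h(i2b(r), msg) % ORDER
    return r, (k - e * x) % ORDER

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = h(i2b(r), msg) % ORDER
    return (pow(G, s, P) * pow(y, e, P)) % P == r

def handshake(client_host, server_host, attacker_in_middle=False):
    """Returns (client_session_key, server_session_key, signatures_verified).
    The session key depends only on the ephemeral exponents a and b, so a host
    key leaked later cannot decrypt this session: no server key to regenerate."""
    client_x, client_y = client_host
    server_x, server_y = server_host
    a, ga = keygen()                                      # step 1: ephemeral DH
    b, gb = keygen()
    gb_seen = keygen()[1] if attacker_in_middle else gb   # interposer swaps in g^b'
    server_sig = sign(server_x, i2b(ga) + i2b(gb))        # step 2: sign transcript
    client_sig = sign(client_x, i2b(ga) + i2b(gb_seen))
    client_ok = verify(server_y, i2b(ga) + i2b(gb_seen), server_sig)
    server_ok = verify(client_y, i2b(ga) + i2b(gb), client_sig)
    ck = hashlib.sha256(i2b(pow(gb_seen, a, P))).digest()
    sk = hashlib.sha256(i2b(pow(ga, b, P))).digest()
    return ck, sk, client_ok and server_ok
```

With an interposer substituting its own DH value, the two sides sign different transcripts, so both signature checks fail and the mismatched session keys are never used.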