1995-07-31 - Re: ssh protocol

Header Data

From: Stephane Bortzmeyer <bortzmeyer@cnam.fr>
To: Tatu Ylonen <ylo@cs.hut.fi>
Message Hash: 4a896fb290e116eca61dbf727f1520c910d1683db19ef05337e784d20b10fd56
Message ID: <199507310737.JAA06792@cnam.fr>
Reply To: <199507231145.OAA04620@shadows.cs.hut.fi>
UTC Datetime: 1995-07-31 07:38:17 UTC
Raw Date: Mon, 31 Jul 95 00:38:17 PDT

Raw message

From: Stephane Bortzmeyer <bortzmeyer@cnam.fr>
Date: Mon, 31 Jul 95 00:38:17 PDT
To: Tatu Ylonen <ylo@cs.hut.fi>
Subject: Re: ssh protocol
In-Reply-To: <199507231145.OAA04620@shadows.cs.hut.fi>
Message-ID: <199507310737.JAA06792@cnam.fr>
MIME-Version: 1.0
Content-Type: text/plain


On Sunday 23 July 95, at 14 h 45, the keyboard of Tatu Ylonen <ylo@cs.hut.fi> wrote:

> People have also suggested using the Photuris protocol that is part of
> the IP Security work being done at IETF
> (ftp://www.cnri.reston.va.us/internet-drafts/draft-ietf-ipsec-photuris-02.txt).
> 
> The basic idea behind the protocol goes roughly like this:
>   1. Exchange session keys using Diffie-Hellman
>   2. Each side sends a signature of the Diffie-Hellman exchange (the
>      signature can be with any of a number of algorithms; RSA and
>      Elliptic Curve systems have been defined).
> 
> If this were adapted to ssh, the protocol would look roughly like
> this:
>   1. Exchange session keys using Diffie-Hellman
>   2. Each side sends a signature of the Diffie-Hellman exchange by its
>      host key
>   3. RSA and Rhosts authentication requests would include a signature
>      by the requesting key.
> 
> This would get rid of the server key and the need to regenerate it,
> because the Diffie-Hellman exchange already prevents decrypting old
> conversations.  The challenge-dialogs could be avoided (unless they
> are needed for performance reasons to avoid unnecessary signature
> computations).
> 
> One could also eliminate RSA in future and start using some other
> public key cryptosystem if desired.  The Diffie-Hellman patent and the
> generic public key patent expire in 1997; the RSA patent does not
> expire until about the year 2000.
> 
> 
> Anyway, this would be a major change that probably cannot easily be
> made compatibly.  Maybe an incompatible ssh-2.x?  Anyway, I don't want
> to rush into making major changes in the protocol.
> 
> I would very much like to hear comments on this approach.
> 
>     Tatu

Stephane Bortzmeyer           Conservatoire National des Arts et Metiers
bortzmeyer@cnam.fr            Laboratoire d'Informatique
                              292, rue Saint-Martin
tel: +33 (1) 40 27 27 31      75141 Paris Cedex 03
fax: +33 (1) 40 27 27 72      France

"It is at night that it is beautiful to believe in the light." E. Rostand
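The signed Diffie-Hellman sketch in the quoted message, as an added example that is not part of this thread or of ssh itself: it uses Go's standard library with P-256 ECDH for step 1 and ECDSA host keys for step 2 (assumed choices; the message fixes neither the group nor the signature algorithm) and shows why step 2 matters, since an ephemeral value altered in transit no longer matches the transcript the server's host key signed.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party: long-term host key (signs) plus a fresh ephemeral DH key per session.
type Party struct {
	Host *ecdsa.PrivateKey
	Eph  *ecdh.PrivateKey
}
func NewParty() *Party {
	host, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	eph, _ := ecdh.P256().GenerateKey(rand.Reader)
	return &Party{Host: host, Eph: eph}
}
// Transcript hashes both ephemeral public values (65-byte uncompressed
// points, so concatenation is unambiguous) in fixed client/server order.
func Transcript(clientEph, serverEph []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, clientEph...), serverEph...))
	return sum[:]
}
// Exchange runs the sketch: step 1 trades ephemeral values, step 2 each side
// signs the transcript with its host key and checks the peer's signature.
// serverEphSeen is the server value as the client actually received it.
func Exchange(c, s *Party, serverEphSeen []byte) (cSecret, sSecret []byte, err error) {
	cEph, sEph := c.Eph.PublicKey().Bytes(), s.Eph.PublicKey().Bytes()
	sSig, _ := ecdsa.SignASN1(rand.Reader, s.Host, Transcript(cEph, sEph))
	cSig, _ := ecdsa.SignASN1(rand.Reader, c.Host, Transcript(cEph, serverEphSeen))
	// A value altered in transit changes the client's transcript, so the
	// server's genuine signature no longer verifies over it: reject the session.
	if !ecdsa.VerifyASN1(&s.Host.PublicKey, Transcript(cEph, serverEphSeen), sSig) {
		return nil, nil, errors.New("client: server host signature does not cover the exchange")
	}
	if !ecdsa.VerifyASN1(&c.Host.PublicKey, Transcript(cEph, sEph), cSig) {
		return nil, nil, errors.New("server: client host signature does not cover the exchange")
	}
	peer, err := ecdh.P256().NewPublicKey(serverEphSeen)
	if err != nil {
		return nil, nil, err
	}
	cSecret, _ = c.Eph.ECDH(peer) // same curve, cannot fail
	sSecret, _ = s.Eph.ECDH(c.Eph.PublicKey())
	return cSecret, sSecret, nil
}
```

Because the host keys sign only the ephemeral values, the long-term keys never decrypt anything, which is why the server key and its periodic regeneration drop out of the design.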
