[Date Prev][Date Next]
Re: Confusion over MIT/Heimdal compatibility
--On Monday, April 21, 2008 3:11 PM +0200 Tim Tassonis <email@example.com>
Sorry, but this is rubbish. By your logic, if one joins a conspirative
gathering using a secret password and then is told than in future there
is a new secret passphrase, he would then be required to leave the room
again an reenter it using the new passphrase. There is absolutely no
security value in this, just a small entertainment value perhaps.
Reestablishing expired encryption keys clearly has a security value, due
to brute force issues on current connection keys.
But if somebody has brute-forced your initial shared secret to establish
the connection an you have changed it in the meantime, he will not be
more able to establish a connection if you keep that old connection.
I think you just argued for the point Howard was making. We aren't talking
about establishing a *new* connection with an old encryption key. We are
talking about maintaining a connection once the encryption key has expired.
Heimdal lets you do this. MIT does not.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration