Re: Confusion over MIT/Heimdal compatibility

--On Monday, April 21, 2008 3:11 PM +0200 Tim Tassonis <timtas@cubic.ch> wrote:

Sorry, but this is rubbish. By your logic, if one joins a conspirative
gathering using a secret password and then is told that in future there
is a new secret passphrase, he would then be required to leave the room
again and reenter it using the new passphrase. There is absolutely no
security value in this, just a small entertainment value perhaps.

Reestablishing expired encryption keys clearly has a security value, due
to brute force issues on current connection keys.

But if somebody has brute-forced your initial shared secret to establish
the connection and you have changed it in the meantime, he will not be
more able to establish a connection if you keep that old connection.

I think you just argued for the point Howard was making. We aren't talking about establishing a *new* connection with an old encryption key. We are talking about maintaining a connection once the encryption key has expired. Heimdal lets you do this. MIT does not.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration