From: Dan Lukes (danobluda.cz)
Date: Sun Mar 10 2002 - 10:03:01 CST

    Jason Stone wrote:

    > > So, from paranoid point of view - yes, it is more secure to use
    > > IKE and rotate the keys.
    >
    > Uh, doesn't IKE use public keys to share symmetric keys? Doesn't that
    > imply that if you crack the private keys, you can then go back and decrypt
    > the symmetric key exchange and finally decrypt the traffic?

            As far as I know, no, but I'm not sure, of course.

            IKE uses Diffie-Hellman handshaking to establish IKE transport symmetric
    keys. Those one-time DH keys cover the IKE communication, including the IPSec
    symmetric key exchange. The asymmetric key is used for authentication purposes
    over the DH-key-encrypted channel only.

            So, your compromised private key allows you to establish and
    authenticate a new connection, but it doesn't help you to decrypt
    previously captured communication, because the DH key for the captured
    session remains unknown (DH keys exist only during a specific session and
    are not stored anywhere). Compromise of the private key doesn't allow you to
    decrypt new connections originated by someone else (although you can be
    man-in-the-middle).

    > Isn't this why people expire their PGP keys and SSL CA's encourage
    > you to expire your ssl keys?

            AFAIK, no.

            I know nothing about the details of PGP communication, so I can only
    imagine. PGP is designed for off-line (email) communication where
    establishing a one-time "session" key isn't possible. IMHO, PGP
    encrypts the message with a random symmetric key, then encrypts the symmetric
    key with the asymmetric key, then sends the message. Yes, compromise of the
    asymmetric key compromises all messages in this scenario.
     
    > So it would seem to me that failing to expire your symmetric keys is not
    > so different from failing to expire your public keys

            True.

            Note, in the "normal case" you encrypt a huge amount of data with a
    symmetric key for every byte encrypted with an asymmetric key, so the symmetric
    key should be changed more often (in terms of 'time') than the asymmetric key.

    > and that this is a
    > key management issue and doesn't affect the security of the system
    > directly.

            Well, the average validity time of an X509 certificate (one year) is
    a business decision rather than a security decision. The validity of the CA
    certificate itself is from 5 to 30 years and it is still counted as secure,
    but the CA key is used a few times every year and it encrypts only a few bytes
    during its period of validity.

            The secure period of validity of a key (symmetric or asymmetric) isn't
    based only on the length and type of the key itself, but also (and not only)
    on its usage. It's not only a key management issue. True, trust me ... ;-)

                                                            Dan

    -- 
    Dan Lukes      tel: +420 2 21914205, fax: +420 2 21914206
    root  of FIONet,  KolejNET,  webmaster  of www.freebsd.cz
    AKA: danobluda.cz, danfreebsd.cz, dankolej.mff.cuni.cz
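
The two schemes contrasted in the message above, as an added Python example that is not part of the original post: a session key wrapped under the long-term key versus a session key made from one-time DH secrets with the long-term key used only to sign. All names and the toy-sized parameters are constructed for illustration, and the model covers only the structure described in the message, not real IKE or PGP.

```python
import hashlib, secrets

# Toy parameters (constructed for illustration, far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537        # long-term RSA primes and exponent
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # public modulus, private exponent
DH_P, DH_G = 2**127 - 1, 3                   # toy Diffie-Hellman group

def xor_stream(key: int, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream derived from key."""
    seed = key.to_bytes(32, "big")
    stream = b"".join(hashlib.sha256(seed + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def digest(*vals: int) -> int:
    """Hash the exchanged public values to a number that can be signed."""
    h = hashlib.sha256(b"".join(v.to_bytes(32, "big") for v in vals)).digest()
    return int.from_bytes(h, "big") % N

def key_transport(msg: bytes) -> dict:
    """Session key is random but travels encrypted under the long-term key."""
    k = secrets.randbelow(N - 2) + 2
    return {"wrapped": pow(k, E, N), "ct": xor_stream(k, msg)}

def ephemeral_dh(msg: bytes) -> dict:
    """Session key comes from one-time DH secrets; long-term key only signs."""
    a, b = (secrets.randbelow(DH_P - 3) + 2 for _ in range(2))
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig = pow(digest(ga, gb), D, N)           # authentication only
    k = pow(gb, a, DH_P)                      # same value as pow(ga, b, DH_P)
    return {"ga": ga, "gb": gb, "sig": sig, "ct": xor_stream(k, msg)}
    # a, b and k are discarded on return; only the dict was on the wire

def attacker_with_private_key(rec: dict, d: int):
    """Apply a later-compromised d to a recorded session; None if no key."""
    if "wrapped" in rec:                      # key transport: unwrap and decrypt
        return xor_stream(pow(rec["wrapped"], d, N), rec["ct"])
    # With DH, d relates only to the signature (verifiable, forgeable).
    assert pow(rec["sig"], E, N) == digest(rec["ga"], rec["gb"])
    return None  # the key needs a or b, i.e. a discrete log of ga or gb
```
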
    