
Forward secrecy in spiped



Hey all,

From reading through the protocol, it seems there are two modes for
forward secrecy:

A) Use forward secrecy, but allow the other side to turn it off. (default)
B) Turn off forward secrecy.

However, there could conceivably be a third mode:

C) Use forward secrecy, and terminate any connection that tries to turn it off.

The only problem is that if an endpoint receives 1 for the y value of
the other side, it doesn't necessarily know that the other side has 0
for its x value. (I'd have to check whether it's possible, given the
specific modulus and the possible range of x, to rule out a non-zero x
for a zero y value, unless someone already knows the answer to
this...)

This third mode would make it possible to guard against
misconfigurations, e.g. I might want forward secrecy to be always
used, and for stuff to blow up / complain if that changes. Is this a
valid use case?

-- Fred
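
The open question in the message above (can a non-zero x produce y = 1?) comes down to the multiplicative order of the generator compared with the range x is drawn from. The sketch below is an added example, not part of the original post and not spiped code. It assumes the modulus is a safe prime and uses a constructed toy group (p = 23, g = 2) rather than spiped's real parameters; all function names, including mode_c_accepts, are hypothetical.

```python
def is_prime(n):
    """Trial division; adequate for the toy modulus used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def order_in_safe_prime_group(g, p):
    """Multiplicative order of g modulo a safe prime p = 2q + 1."""
    q = (p - 1) // 2
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p must be a safe prime (assumption of this sketch)")
    if not 1 <= g < p:
        raise ValueError("g must be in [1, p)")
    # The order divides p - 1 = 2q, so it is one of 1, 2, q, 2q.
    for d in (1, 2, q, 2 * q):
        if pow(g, d, p) == 1:
            return d

def exponents_giving_one(g, p, xbits):
    """Every x in [0, 2**xbits) with g**x mod p == 1: the multiples of the order."""
    return list(range(0, 2 ** xbits, order_in_safe_prime_group(g, p)))

def y_one_implies_x_zero(g, p, xbits):
    """True when x = 0 is the only exponent in range that yields y = 1."""
    return order_in_safe_prime_group(g, p) >= 2 ** xbits

def mode_c_accepts(y, g, p, xbits):
    """Hypothetical mode C: refuse y = 1, but only claim that this means
    'peer disabled forward secrecy' when the parameters rule out other x."""
    if not y_one_implies_x_zero(g, p, xbits):
        raise ValueError("y = 1 is ambiguous: a non-zero x can also produce it")
    return y != 1

if __name__ == "__main__":
    P, G = 23, 2  # constructed toy group: 2 has order q = 11 modulo 23
    for bits in (3, 4):
        print(bits, "bit x ->", exponents_giving_one(G, P, bits),
              "unambiguous:", y_one_implies_x_zero(G, P, bits))
```

With the toy group, 3-bit exponents make y = 1 unambiguous, while 4-bit exponents admit x = 11 as a second preimage. The same comparison of generator order against the exponent range applies to any safe-prime modulus.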