[Standards-JIG] The Great Encryption Debate
ian.paterson at clientside.co.uk
Thu Aug 4 01:16:43 UTC 2005
Justin Karneges wrote:
> 2) offline diffie-hellman.
> What considerations are there regarding
> timestamping and replay attacks?
Good question. The JEP didn't explain those points.

I've now covered them in sections 9.4 "Replay Attacks" and 7.1
"Encryptable Content" of my working copy (next week's v0.4). You can see

Unless I've neglected something, offline session replay attacks are
easily prevented without resorting to comparing timestamps. So there are
no clock synchronization issues to deal with.