[Standards-JIG] The Great Encryption Debate

Ian Paterson ian.paterson at clientside.co.uk
Thu Aug 4 01:16:43 UTC 2005


Justin Karneges wrote:
> 2) offline diffie-hellman.
> What considerations are there regarding
> timestamping and replay attacks?

Good question. The JEP didn't explain those points.

I've now covered them in sections 9.4 "Replay Attacks" and 7.1
"Encryptable Content" of my working copy (next week's v0.4). You can see
it here:

http://www.clientside.co.uk/jeps/jep-0116/jep-0116.html

Unless I've neglected something, offline session replay attacks are
easily prevented without resorting to comparing timestamps. So there are
no clock synchronization issues to deal with.

- Ian



