[Standards-JIG] RE: Encrypted sessions
jean-louis.seguineau at laposte.net
Wed Jun 7 21:30:47 UTC 2006
Brian, actually, if the two parties use a PKI, then we can do without the
Diffie-Helmann key exchange at the beginning of every session. DH creates a
key pair on the fly used to agree on a common secret for the session. From
that shared secret you then derive cryptographic material for that various
parts/algorithms used in your exchange (crypto key, hash key, signature key,
If the two parties use a PKI, then let's assume each party has acquired the
other party public key. The initiator generates a shared secret and uses the
other party public key to encrypt it (Or we may choose to combine two
half-shared secrets generated by each party). Only the party with the proper
private key will be able to decrypt the shared secret. Once we have a shared
secret, we can derive the same kind of cryptographic material. Everything
else in the way you encrypt/hash/sign remains valid.
I don't think it will change much in the way the "offline encryption" is
done, unfortunately. But JEP-116 can work with or without PKI with a slight
modification. The added complexity comes in the management of crypto
material between sessions (check, remove, add, etc...) just for the sake of
"offline encryption". Without this part, JEP-116 implementation is
straightforward. Is the added complexity worth the effort? The JEP-116
without "offline encryption" will be even more secure, because there won't
be any inter session key material left to be compromised. This is what real
Perfect Forward Secrecy is about.
Date: Wed, 07 Jun 2006 15:35:35 -0400
From: Brian Raymond <brian.raymond at je.jfcom.mil>
Subject: Re: [Standards-JIG] RE: Encrypted sessions
To: Jabber protocol discussion list <standards-jig at jabber.org>
Message-ID: <C0ACA2C7.97C9%brian.raymond at je.jfcom.mil>
Content-Type: text/plain; charset="US-ASCII"
Not that it's widely deployed but in some environments the risk of
maintaining session keys could be mitigated if there was an encryption mode
tying in PKI support. This would allow for offline messages, but it will
make things more complicated by allowing that method.
On 6/7/06 2:04 PM, "Jean-Louis Seguineau" <jean-louis.seguineau at laposte.net>
> That's excellent news. JEP-116 provides a very good starting point.
> I nevertheless believe it can be simplified by only keeping the "online
> sessions crypto" part.
> The support for encrypted stanzas when offline is adding complexity to the
> overall implementation, and increasing the security risk by mandating the
> long term session keys to be "kept" on the client machine.
> If we do not do "offline crypto" then we just have to do a Diffie-Helmann
> keys exchange for every new p2p session, and discard all crypto material
> when a session is ended. The overall process becomes simpler, as every
> session starts new, and there is no need to check if previous long term
> have been negotiated earlier.
More information about the Standards