On Mon, 6 Mar 2000, dreamwvr wrote:
> On Mon, 6 Mar 2000, Mark wrote:
> > CIPE needs a secure secret at both ends of the link. Other than this,
> > it's pretty robust.
> what does it use for the exchange public key exchange?
no. From the cipe.info file (editted for brevity):
---
3. Key exchange
Every interface is associated with a static key, a sending dynamic key
and a receiving dynamic key. On startup, only the static key is valid.
Encryption uses the static key if and only if the sending dynamic key
is invalid.
The dynamic key is set by a dialogue procedure involving messages with
type code bits 01. The packets consist of a type octet followed by
protocol data followed by a random amount of padding random data, so
that the packet is at least 64 octets long. A key consists of 16
octets, a key CRC is the CRC-32 over the key, transferred in network
order.
---
So, dynamic key exchange is done using the shared (static) key at the
endpoints. Not quite as easy to distribute keys as a PK system as they
need to be securely exchanged. I seem to recall Olaf mentionning he
might look at this for future development, but I could very well have
mis-remembered this. It's not a big deal for me locally as I only use
it between a small number of machines.
Cheers,
Mark
+-------------------------------------------------------------------------+
Mark Cooke The views expressed above are mine and are not
Systems Programmer necessarily representative of university policy
University Of Birmingham URL: http://www.sr.bham.ac.uk/~mpc/
+-------------------------------------------------------------------------+
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
