At 4:40 PM -0800 11/20/03, Ralf-P. Weinmann wrote:
> Hmm.. Does this mean the users have to read off SHA-256 hash values to each other after the connection has been established? Oh. Right. It says "Readout hash based key authentication" on the left hand side of the spec.
You probably don't have to read all 256 bits. One way this had been handled (in the Starium (sp?) phone), is to display a number derived from the hash. One person reads the first half of the number, and the other person reads the second half. If both halves verify, there is no man-in-the-middle. The length of the number determines the security, but since it is derived from the Diffie-Hellman exchange, neither side can control its value. Probably 6 digits is enough.
> ... There should be a means to cache credentials after an initial trust relationship between communicating parties has been established.
Cache entries would be a way for someone who obtains the phone to be able to trace your contacts. (So would an in-phone address book.) Automatic authentication also might make it easier to spoof the phone's owner.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | "There's nothing so clear as a  | Periwinkle
(408)356-8506      | vague idea you haven't written  | 16345 Englewood Ave
www.pwpconsult.com | down yet." -- Dean Tribble      | Los Gatos, CA 95032
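The readout check described in the message above, as an added example that is not part of the original post or of any phone's specification: a 6-digit code is derived from SHA-256 of the Diffie-Hellman shared secret, and each party reads one half aloud. The toy group, the decimal derivation and all function names are assumptions made for this sketch.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, an assumption for this demo only (not from the
# spec in the thread): the prime 2**255 - 19 with generator 2.
P = 2**255 - 19
G = 2

def dh_keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def readout_code(shared_secret: int, digits: int = 6) -> str:
    """Short decimal code derived from SHA-256 of the DH shared secret."""
    digest = hashlib.sha256(shared_secret.to_bytes(32, "big")).digest()
    return f"{int.from_bytes(digest, 'big') % 10**digits:0{digits}d}"

def readout_check(alice_secret: int, bob_secret: int, digits: int = 6) -> bool:
    """Alice reads the first half aloud, Bob the second; both must match."""
    a, b = readout_code(alice_secret, digits), readout_code(bob_secret, digits)
    mid = digits // 2
    bob_accepts = a[:mid] == b[:mid]      # Bob compares what Alice read
    alice_accepts = b[mid:] == a[mid:]    # Alice compares what Bob read
    return bob_accepts and alice_accepts

def simulate(intercepted: bool) -> bool:
    """Run one key exchange and return whether the readout check passes."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if intercepted:
        # A party in the middle substitutes its own public value on both
        # legs, so each phone ends up with a different shared secret.
        _, m_pub = dh_keypair()
        return readout_check(pow(m_pub, a_priv, P), pow(m_pub, b_priv, P))
    return readout_check(pow(b_pub, a_priv, P), pow(a_pub, b_priv, P))

if __name__ == "__main__":
    print("honest exchange passes:", simulate(False))
    print("intercepted exchange passes:", simulate(True))  # chance match ~1 in 10**6
```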