
Photuris Terminology




The Photuris document uses the words "signature" and "certificate" in ways
that, to the cryptographic community, are misleading.  In order to avoid
confusion, these terminological abuses should at minimum be pointed out
explicitly.  Better, they should be replaced with more accurate terms.

The problem arises in allowing MD5 (or any other hash algorithm) as a
"Signature-Choice".  If only public-key algorithms were permitted in Photuris
as a "Signature-Choice", then there would be no problem.

In the cryptographic community, the term "signature" is NEVER used to refer
to a MAC (message authentication code).  These concepts are always kept 
quite distinct.  
	-- A signature is fundamentally a public-key notion:
		the signature for a message is created with the signer's
		private key, and verified using the signer's public key.
	-- A message authentication code is a secret-key notion:
		the MAC for a message is computed by the sender using
		a secret that is shared with the receiver; the receiver
		verifies the MAC by recomputing it from the message and
		the shared secret.  Using MD5 as a "Signature-Choice"
		results in a MAC, not a "signature".

Allowing MD5 as a "Signature-Choice" is an unnecessary abuse of terminology.

Note that I'm not arguing that one might not want to use MD5 here, but rather
that it is improper and unnecessary to call this a "signature" method.

******************************************************************************
** Since both techniques provide authentication, I would suggest the following
** changes in terminology:
** 
** 	Signature-Choice --> Authentication-Choice
**	Signature        --> Authentication-Value
******************************************************************************

Similarly, the term "certificate" is used in the cryptographic community
exclusively to denote a public-key certificate.  An "email address" (as 
specified in the document, page 45, when MD5 is the Signature Choice), is
not a "certificate".  

******************************************************************************
** I suggest the following change in terminology:
**
**	Certificate	--> Authentication-Descriptor
******************************************************************************

which could either be an email address or a public-key certification.

We have enough confusion in this field without abusing standard terminology.
Presumably this arose since the original work [DOW] only envisioned 
public-key signature methods, and then the use of MAC's was later added
to Photuris.  

	Ron Rivest
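
Added example, not part of the original message or of the Photuris document: a short Python sketch of the two key models contrasted above. HMAC-MD5 stands in for the keyed use of MD5, and the unpadded RSA parameters, function names and sample messages are all constructed for illustration.

```python
import hashlib
import hmac

# Secret-key side: MD5 used with a shared secret. HMAC-MD5 is an assumed
# stand-in; the Photuris keyed-MD5 construction itself is not shown here.
def auth_value(shared_secret: bytes, message: bytes) -> bytes:
    return hmac.new(shared_secret, message, hashlib.md5).digest()

def check_auth_value(shared_secret: bytes, message: bytes, value: bytes) -> bool:
    # The receiver verifies by recomputing from the message and the secret.
    return hmac.compare_digest(auth_value(shared_secret, message), value)

# Public-key side: unpadded textbook RSA over an MD5 digest, with constructed
# toy primes. It illustrates the key roles only and is not a usable scheme.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))     # private key, held by the signer only

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def sign(private_d: int, message: bytes) -> int:
    return pow(digest_int(message), private_d, N)

def verify(message: bytes, signature: int) -> bool:
    # Uses only public values; nothing here lets the verifier create signatures.
    return pow(signature, E, N) == digest_int(message)

def demo() -> dict:
    secret = b"constructed-shared-secret"
    sent = b"constructed message from A to B"
    never_sent = b"constructed message A never sent"
    value_from_a = auth_value(secret, sent)
    # B holds the same secret, so B can produce a value that checks out
    # for a message A never sent: the value does not identify its creator.
    value_made_by_b = auth_value(secret, never_sent)
    sig = sign(D, sent)
    return {
        "mac_accepts_sender_value": check_auth_value(secret, sent, value_from_a),
        "mac_accepts_receiver_made_value": check_auth_value(secret, never_sent, value_made_by_b),
        "sig_verifies_with_public_key": verify(sent, sig),
        "sig_rejects_other_message": verify(never_sent, sig),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Either party to the shared secret can compute an Authentication-Value that the other accepts, whereas the signature check needs only the public key and the signing step needs the private one.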