Re: A problem with public key encryption in IKE

I thought one reason for having both signatures and public key
encryption as authentication methods is that signatures provide
non-repudiability while public key encryption provides repudiability.
In some cases you may want one, and in some cases the other.

Also, public key provides stronger security because an attacker would
have to break both DH and RSA to obtain the key material derived from
the exchange. With signatures the attacker only needs to break DH.
(Granted, this may be good enough.)

It would be nice to be able to enjoy the benefits of the public key
encryption method even in cases where the initiator does not know the
public key of the responder at the beginning of the exchange.

Francisco

______________________________ Reply Separator _________________________________
Subject: Re: A problem with public key encryption in IKE
Author: Non-HP-kivinen (kivinen@ssh.fi) at HP-ColSprings,mimegw5
Date: 12/13/99 6:59 AM

francisco_corella@hp.com writes:
> It should be possible to fix these two problems, probably at the expense of
> additional messages, by first establishing the DH secret, then exchanging

Use the signature-based authentication method instead of RSA encryption.
There IS a reason why we have different types of authentication in
the IKE. They offer slightly different things...
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/