[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A problem with public key encrption in IKE

To: francisco_corella@hp.com
Subject: Re: A problem with public key encrption in IKE
From: Stephen Kent <kent@bbn.com>
Date: Tue, 14 Dec 1999 15:38:07 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <H00013960da80d9a@MHS>
References: <H00013960da80d9a@MHS>
Sender: owner-ipsec@lists.tislabs.com

Francisco,

Whether a signature provides a basis for non-repudiation depends on 
the details of the generation process.  Note that in the case of 
IPsec, at most one might be able to prove that a peer initiated an 
SA, but the signature applied during the IKE exchange would not say 
anything about what data was sent on the SAs later.  So, while I like 
the use of signatures for IKE authentication, I would not argue too 
strongly for them based on any non-repudiation basis.

Steve

References:

Re: A problem with public key encrption in IKE

From: francisco_corella@hp.com

Prev by Date: fqdn and trailing dot in IDs
Next by Date: Re: PGP keys in IKE
Prev by thread: Re: A problem with public key encrption in IKE
Next by thread: Re: A problem with public key encrption in IKE
Index(es):
- Main
- Thread