[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A problem with public key encrption in IKE
Steve,
You're right. The non-repudiation feature does not seem very useful
for IPSEC. One really has to sign a specific document to take
advantage of that feature.
On the other hand, the repudiability feature of pk encryption does
seem useful. To take as an example an issue that has been in the news
recently, suppose a gay serviceman (in the US armed forces) is
accessing a gay web site (he would be using SSL rather than IPSEC, but
I'm just trying to illustrate the repudiability feature). If he uses
a digital signature for authentication, the military would be able to
prove that he has accessed the site. If he uses pk encryption, the
military will not be able to prove it. So the serviceman would find
value in using pk encryption rather than digital signature.
Since non-repudiation does not seem useful but repudiability does seem
useful, this suggests that, as a general design principle, one should
use pk encryption for authenticating connections rather than
signatures.
I'm not proposing to drop signatures from IKE, of course, I'm just
theorizing.
Francisco
______________________________ Reply Separator _________________________________
Subject: Re: A problem with public key encrption in IKE
Author: Non-HP-kent (kent@bbn.com) at HP-ColSprings,mimegw5
Date: 12/14/99 12:38 PM
Francisco,
Whether a signature provides a basis for non-repudiation depends on
the details of the generation process. Note that in the case of
IPsec, at most one might be able to prove that a peer initiated an
SA, but the signature applied during the IKE exchange would not say
anything about what data was sent on the SAs later. So, while I like
the use of signatures for IKE authentication, I would not argue too
strongly for them based on any non-repudiation basis.
Steve
Follow-Ups: