Re: A problem with public key encryption in IKE

Francisco,

Good points. If one wants to support anonymity for encrypted access
there are lots of options, but once we add in a requirement for
access control, the options narrow. However, the fine line between
repudiable and non-repudiable proof of access may be relatively minor
in general. A site usually would maintain an audit trail that would
record the successful login in any case. To dispute that would
entail a lengthy argument about how it might have been altered, etc.

I agree that it is preferable to have strong technical controls for
NR, and to distinguish between such controls and less stringent
methods. However, we must also remember that the banking community
has long relied on MACs for authentication/integrity and claimed that
an audit trail of MACs provided a basis for NR!

Let me suggest a slight variation on this theme. If a user signs
some data for authentication, but the data is arbitrary and chosen by
the communicating peer, then we can argue that we don't have a good
basis for NR, because the user might have been persuaded to sign such
data under a variety of circumstances. In that case the peer has the
"proof" it needs for authentication, as an input to access control,
but the user has not provided technically non-repudiable evidence as
part of login. How does the current IKE use of signatures for
authentication relate to this model?

Steve