[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A problem with public key encrption in IKE

To: kent@bbn.com
Subject: Re: A problem with public key encrption in IKE
From: francisco_corella@hp.com
Date: Fri, 17 Dec 1999 11:01:08 -0800
Cc: francisco_corella@hp.com, ipsec@lists.tislabs.com
In-Reply-To: <"v04220805b47d9715f5db(a)(091)171.78.30.108(093)*"@MHS>
Sender: owner-ipsec@lists.tislabs.com

     Steve,
     
     If one is allowed to argue that one has been persuaded to sign random 
     data, then the whole concept of a digital signature collapses.  
     Remember that when a document is signed, the digital signature is 
     applied to a cryptographic hash of the document and the hash is 
     indistinguishable from random data if you don't know how it was 
     generated.
     
     Francisco


______________________________ Reply Separator _________________________________
Subject: Re: A problem with public key encrption in IKE
Author:  Non-HP-kent (kent@bbn.com) at HP-ColSprings,mimegw5
Date:    12/15/99 11:15 AM


Francisco,
     
Good points.  If one wants to support anonymity for encrypted access 
there are lots of options, but once we add in a requirement for 
access control, the options narrow.  However, the fine line between 
repudiable and non-repudiable proof of access may be relatively minor 
in general.  A site usually would  maintain an audit trail that would 
record the successful login in any case.  To dispute that would 
entail a lengthy argument about how it might have been altered, etc. 
I agree that it is preferable to have strong technical controls for 
NR, and to distinguish between such controls and less stringent 
methods.  However, we must also remember that the banking community 
has long relied on MACs for authentication/integrity and claimed that 
an audit trail of MACs provided a basis for NR!
     
Let me suggest a slight variation on this theme.  If a user signs some 
data for authentication, but the data is arbitrary and chosen by the 
communicating peer, then we can argue that we don't have a good basis 
for NR, because the user might have been persuaded to sign such data 
under a variety of circumstances.  In that case the peer has the 
"proof" it needs for authentication, as an input to access control, 
but the user has not provided technically non-repudiable evidence as 
part of login. How does the current IKE use of signatures for 
authentication relate to this model?
     
Steve

Follow-Ups:

Re: A problem with public key encrption in IKE

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: Latest ipsec-pki-req-04.txt illustrations considered harmful
Next by Date: Re: A problem with public key encrption in IKE
Prev by thread: Re: A problem with public key encrption in IKE
Next by thread: Re: A problem with public key encrption in IKE
Index(es):
- Main
- Thread