Re: A problem with public key encryption in IKE
Steve,
If one is allowed to argue that one has been persuaded to sign random
data, then the whole concept of a digital signature collapses.
Remember that when a document is signed, the digital signature is
applied to a cryptographic hash of the document and the hash is
indistinguishable from random data if you don't know how it was
generated.
Francisco
______________________________ Reply Separator _________________________________
Subject: Re: A problem with public key encryption in IKE
Author: Non-HP-kent (kent@bbn.com) at HP-ColSprings,mimegw5
Date: 12/15/99 11:15 AM

Francisco,
Good points. If one wants to support anonymity for encrypted access
there are lots of options, but once we add in a requirement for
access control, the options narrow. However, the fine line between
repudiable and non-repudiable proof of access may be relatively minor
in general. A site usually would maintain an audit trail that would
record the successful login in any case. To dispute that would
entail a lengthy argument about how it might have been altered, etc.

I agree that it is preferable to have strong technical controls for
NR, and to distinguish between such controls and less stringent
methods. However, we must also remember that the banking community
has long relied on MACs for authentication/integrity and claimed that
an audit trail of MACs provided a basis for NR!

Let me suggest a slight variation on this theme. If a user signs some
data for authentication, but the data is arbitrary and chosen by the
communicating peer, then we can argue that we don't have a good basis
for NR, because the user might have been persuaded to sign such data
under a variety of circumstances. In that case the peer has the
"proof" it needs for authentication, as an input to access control,
but the user has not provided technically non-repudiable evidence as
part of login. How does the current IKE use of signatures for
authentication relate to this model?
Steve
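
Added example, not part of either message: a sketch of the two points above, that a document hash looks like random data and that a signature over raw peer-chosen data is weak evidence, beside a login signature that binds a context label and the signer's own nonce. The toy textbook RSA (public Mersenne primes, no padding), `AUTH_TAG` and all function names are assumptions made for illustration; this is not IKE's signature computation.

```python
import hashlib
import secrets

# Toy textbook RSA for illustration only: public Mersenne primes, no padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def sign_digest(digest: bytes) -> int:
    """Private-key operation applied to a 32-byte value."""
    return pow(int.from_bytes(digest, "big"), D, N)

def verify_digest(digest: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest, "big")

def verify_document(document: bytes, sig: int) -> bool:
    """Ordinary document verification: signature over SHA-256(document)."""
    return verify_digest(hashlib.sha256(document).digest(), sig)

def login_naive(challenge: bytes) -> int:
    """Signs the peer-chosen 32 bytes exactly as received."""
    return sign_digest(challenge)

AUTH_TAG = b"login-auth-v1\x00"  # hypothetical context label

def login_bound(challenge: bytes):
    """Signs H(tag || signer's nonce || peer challenge), never the raw challenge."""
    nonce = secrets.token_bytes(32)
    digest = hashlib.sha256(AUTH_TAG + nonce + challenge).digest()
    return nonce, sign_digest(digest)

def verify_login_bound(challenge: bytes, nonce: bytes, sig: int) -> bool:
    digest = hashlib.sha256(AUTH_TAG + nonce + challenge).digest()
    return verify_digest(digest, sig)

def demo() -> dict:
    document = b"constructed sample document"      # constructed input
    challenge = hashlib.sha256(document).digest()  # looks like 32 random bytes
    naive_sig = login_naive(challenge)
    nonce, bound_sig = login_bound(challenge)
    return {
        "naive_login_verifies_as_document": verify_document(document, naive_sig),
        "bound_login_authenticates": verify_login_bound(challenge, nonce, bound_sig),
        "bound_login_verifies_as_document": verify_document(document, bound_sig),
    }

if __name__ == "__main__":
    print(demo())
```

The bound form still gives the peer what it needs for access control, while the signed value can no longer be read as a signature over any document hash.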