
Re: A problem with public key encryption in IKE



     Steve,
     
     Thanks.  I hadn't thought of the possibility of using key usage bits 
     for that purpose.  (I'm not on the PKIX list.)
     
     Francisco


______________________________ Reply Separator _________________________________
Subject: Re: A problem with public key encryption in IKE
Author:  Non-HP-kent (kent@bbn.com) at HP-ColSprings,mimegw5
Date:    12/17/99 12:16 PM


Francisco,
>     Steve,
>
>     If one is allowed to argue that one has been persuaded to sign
>     random data, then the whole concept of a digital signature
>     collapses.  Remember that when a document is signed, the digital
>     signature is applied to a cryptographic hash of the document and
>     the hash is indistinguishable from random data if you don't know
>     how it was generated.
     
Well, not all signatures are intended to be non-repudiable! 
Sometimes we sign things purely for authentication.  As we have 
discussed extensively on the PKIX list, one should exercise care in 
setting the key usage bits, to distinguish the intent of signing as 
repudiable or non-repudiable. So, IF one wished to use 
signature-based authentication with IKE, and wished to avoid any 
connotation of non-repudiation, it is feasible to do that.
     
Steve
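
The key usage distinction discussed in this thread, as an added example that is not part of the original messages: a decoder for the DER-encoded X.509 KeyUsage BIT STRING that reports whether a signing key is marked for authentication only or also for non-repudiation. The function names, the returned labels and the sample byte strings are constructed for illustration.

```python
# Named bits of the X.509 KeyUsage extension, in bit order (RFC 5280, 4.2.1.3).
# Later X.509 editions rename nonRepudiation to contentCommitment.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]


def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING carried in a KeyUsage extension into bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, body = der[2], der[3:]
    if unused > 7 or body[-1] & ((1 << unused) - 1):
        raise ValueError("invalid unused-bits count or non-zero padding")
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        byte, bit = divmod(i, 8)
        # Bit 0 is the most significant bit of the first content octet.
        if byte < len(body) and body[byte] & (0x80 >> bit):
            names.add(name)
    return names


def classify_signing_intent(der: bytes) -> str:
    """Hypothetical policy labels for a peer certificate's signing key."""
    usage = parse_key_usage(der)
    if "digitalSignature" not in usage:
        return "not-for-authentication"
    if "nonRepudiation" in usage:
        return "authentication+non-repudiation"
    return "authentication-only"


# Constructed sample encodings (tag 0x03, length, unused-bit count, bits).
SAMPLES = {
    "ds_only": bytes.fromhex("03020780"),      # digitalSignature
    "ds_and_nr": bytes.fromhex("030206c0"),    # digitalSignature + nonRepudiation
    "nr_only": bytes.fromhex("03020640"),      # nonRepudiation
    "ds_and_ke": bytes.fromhex("030205a0"),    # digitalSignature + keyEncipherment
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, sorted(parse_key_usage(der)), classify_signing_intent(der))
```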