[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: signture mode and non-repudiation
> >
> >On the other hand, if anyone insists in using the signature mode for
> >non-repudiation purposes (I do not recommend that) then he can use
> >a prf which is also collision resistant (e.g. HMAC-SHA1).
>
> I would go beyond this to suggest that we standardize on a function
> for the signed data that is intentionally not collision resistant,
> without worrying about the implications for the PRF re key selection
> in general. That way we could avoid unintentional NR "features" of
> signature-based IKE authentication.
>
> Steve
I do not think that this needs standardization (after all, people
seem to be in total love with hash functions as prf's and these
functions do have the non-collisions property).
Maybe a note in the IKE document explaining this issue can be of help.
Hugo
References: