[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: signture mode and non-repudiation

To: Stephen Kent <kent@bbn.com>
Subject: Re: signture mode and non-repudiation
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Tue, 21 Dec 1999 14:34:45 +0200 (IST)
cc: ipsec@lists.tislabs.com
In-Reply-To: <v0422080fb4843c8642f1@[171.78.30.107]>
Sender: owner-ipsec@lists.tislabs.com



> >
> >On the other hand, if anyone insists in using the signature mode for
> >non-repudiation purposes (I do not recommend that) then he can use
> >a prf which is also collision resistant (e.g. HMAC-SHA1).
> 
> I would go beyond this to suggest that we standardize on a function 
> for the signed data that is intentionally not collision resistant, 
> without worrying about the implications for the PRF re key selection 
> in general. That way we could avoid unintentional NR "features" of 
> signature-based IKE authentication.
> 
> Steve

I do not think that this needs standardization (after all, people
seem to be in total love with hash functions as prf's and these
functions do have the non-collisions property).

Maybe a note in the IKE document explaining this issue can be of help.
 
Hugo

References:

Re: signture mode and non-repudiation

From: Stephen Kent <kent@bbn.com>

Prev by Date: MM with signatures and dynamic IP addresses?
Next by Date: RE: tell me something about the frees/wan
Prev by thread: Re: signture mode and non-repudiation
Next by thread: RE: signture mode and non-repudiation
Index(es):
- Main
- Thread