
Re: IKE Public Key Encryption



> From jtiller@lucent.com Mon Mar 20 14:03:39 2000
> Date: Mon, 20 Mar 2000 14:01:20 -0500
> From: Jim Tiller <jtiller@lucent.com>
> X-Mailer: The Bat! (v1.36) S/N 569FD297
> Reply-To: Jim Tiller <jtiller@lucent.com>
> Organization: Lucent
> X-Priority: 3 (Normal)
> Message-Id: <8584.000320@lucent.com>
> To: pau@watson.ibm.com
> Cc: ipsec@lists.tislabs.com
> Subject: Re: IKE Public Key Encryption
> In-Reply-To: <0003201625.AA24910@secpwr.watson.ibm.com>
> References: <0003201625.AA24910@secpwr.watson.ibm.com>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> Content-Length: 702
> Status: RO
> 
> Thankx for answering...
> 
> Is this becoming common practice for most vendors? Although optional,

I am not sure if this has become common practice.

> are most including it to avoid complexity and ambiguity? I'm certain

It is meant to avoid ambiguity. Dan pointed out that ambiguity only
exists if the responder has more than one public key. I would submit
that in general the initiator cannot be sure that the responder
has only one public key suitable for this usage (key encryption).


> this has come up in the VPNC and interpretability seminars.
> 
> Also, one more question, if it is a certificate, why hash it? I'm
> assuming to reduce the size of the payload, but this comes at a cost
> of processing when the responder is responsible for many certificates.
> I might add that I'm assuming a lot here and just expressing my
> curiosity to the group.

It is meant to preserve anonymity.

Pau-Chen

> 
> thankx
> -jim
> 
> Monday, March 20, 2000, 11:25:12 AM, you wrote:
> 
> pwic> I would agree. At least our own experience showed that this makes
> pwic> it much less ambiguous.
> 
> pwic> Pau-Chen
> 
> 
>
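An added example (not code from the thread or from any IKE implementation) showing the two points made above: the hash of the responder's certificate tells a responder holding several keys which one the initiator encrypted to, while carrying only a digest rather than the certificate itself. The certificate blobs, key ids and the `select_private_key` helper are constructed for illustration; the hash algorithm is assumed to be the one negotiated in the exchange.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample "certificates": stand-ins for the DER-encoded certificates
# a responder might hold, one per public key usable for key encryption.
RESPONDER_CERTS = {
    "rsa-key-A": b"-- constructed DER blob for responder certificate A --",
    "rsa-key-B": b"-- constructed DER blob for responder certificate B --",
    "rsa-key-C": b"-- constructed DER blob for responder certificate C --",
}


def cert_hash(cert_der: bytes, hash_alg: str = "sha1") -> bytes:
    """The hash payload the initiator sends: the negotiated hash function over
    the responder's certificate. It names the key without disclosing the cert,
    so an eavesdropper who does not already hold that certificate learns
    nothing about which responder identity is being addressed."""
    return hashlib.new(hash_alg, cert_der).digest()


def select_private_key(hash1: Optional[bytes], keyring: dict,
                       hash_alg: str = "sha1"):
    """Responder side: decide which private key to use for decryption.

    Returns (chosen_key_id, key_ids_that_must_be_tried).  With the hash the
    choice is direct.  Without it, a responder holding more than one key has
    exactly the ambiguity discussed in the thread: it must attempt every key.
    """
    if hash1 is None:
        return None, list(keyring)           # ambiguous: try all keys
    for key_id, cert in keyring.items():
        # constant-time compare; digest is public but avoids timing differences
        if hmac.compare_digest(cert_hash(cert, hash_alg), hash1):
            return key_id, [key_id]
    return None, []                          # unknown certificate: reject


if __name__ == "__main__":
    h = cert_hash(RESPONDER_CERTS["rsa-key-B"])
    print("with hash:   ", select_private_key(h, RESPONDER_CERTS))
    print("without hash:", select_private_key(None, RESPONDER_CERTS))
    print("bad hash:    ", select_private_key(b"\x00" * 20, RESPONDER_CERTS))
```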