[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE Public Key Encryption

To: "'IP Security List'" <ipsec@lists.tislabs.com>
Subject: RE: IKE Public Key Encryption
From: akrywani@newbridge.com
Date: Wed, 22 Mar 2000 18:04:54 -0500
Importance: Normal
In-Reply-To: <319A1C5F94C8D11192DE00805FBBADDF01021E05@exchange>
Reply-To: <akrywani@newbridge.com>
Sender: owner-ipsec@lists.tislabs.com

DH>   It's hashed to retain identity protection which is a feature of Main
DH> Mode.

As a general comment on including the hash of the certificate/public key in
the message, this doesn't really provide true identity protection, since an
attacker could generate the same hash.

Wouldn't it be better to use a hash of the certificate plus some session
info (e.g. the cookies), which would at least protect against identity
tracking attacks.

Andrew
--------------------------------------
Beauty with out truth is insubstantial.
Truth without beauty is unbearable.

Follow-Ups:

Re[2]: IKE Public Key Encryption

From: Jim Tiller <jtiller@lucent.com>

Prev by Date: Re[2]: IKE Public Key Encryption
Next by Date: Deleted Internet Drafts
Prev by thread: Re: IKE Public Key Encryption
Next by thread: Re[2]: IKE Public Key Encryption
Index(es):
- Main
- Thread