
Re: Simplifying IKE (was RE: Reliable delete notifies)

> And I don't understand this whole "derive a pre-shared key from a
> self-signed certificate" thing. The whole point of using certificates (IMHO
> only, I have discovered) is that they have extra properties that preshared
> keys do not have (e.g. the fact that they can be publicly distributed
> without revealing the key). If you use the hash of a self-signed certificate
> as a preshared key (in which case you cannot distribute the certificate
> publicly) then you inherit the worst of both worlds.

I'm sorry. I was unclear in my previous posts. I did not mean to use the hash
of the certificate as a pre-shared key. I tried to point out that a
certificate hash can be used in human-machine interaction the same way as a
pre-shared secret is used: you can enter it manually (it is short enough),
you can write it down on a post-it note and so on.

What the machine does with this string is different: a pre-shared key is used by
IKE directly. A certificate hash is used indirectly via the certificate
validation routine. The conventional certificate validation routine checks the
signature of the certificate using the public key from the CA certificate. I
proposed to validate the certificate by comparing the hash of the
certificate with the previously entered hash.

The important point is that it provides almost the same feeling to the user as working
with pre-shared keys and you do not need any CA to make it work: just two
IPsec devices. At the same time we can simplify IKE by removing
authentication using pre-shared keys and simplify the management software by
removing the need to store and distribute confidential information
(pre-shared secrets).

arne
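The fingerprint-style validation routine described in the post above, as an added example that is not part of this thread and not code from any IKE implementation. It shows the two halves of the idea: the hash is rendered in a form a human can type or write down, and the machine uses it only inside the certificate validation step, against a peer table that holds nothing confidential. The certificate bytes are a constructed stand-in for a DER-encoded self-signed certificate, and the function and table names (`fingerprint`, `validate_by_fingerprint`, `TRUSTED_PEERS`, `authenticate_peer`) are this example's own.

```python
"""Validate a self-signed certificate by comparing its hash with an
out-of-band entered fingerprint, instead of checking a CA signature."""
import hashlib
import hmac
import re

# Constructed stand-in for the DER bytes of a self-signed certificate as the
# peer would present it; a real device hashes the exact DER encoding received.
PEER_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed-self-signed-cert-body" * 4


def fingerprint(cert_der: bytes, algorithm: str = "sha256") -> str:
    """Hash of the certificate in the colon-separated form a person can
    read out, type in, or write on a post-it note."""
    digest = hashlib.new(algorithm, cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(entered: str) -> str:
    """Accept what a human actually typed: any case, with or without
    colons, dashes or spaces. Reject anything that is not hexadecimal."""
    cleaned = re.sub(r"[\s:\-]", "", entered).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint must be hexadecimal")
    return cleaned


def validate_by_fingerprint(cert_der: bytes, entered: str,
                            algorithm: str = "sha256") -> bool:
    """The proposed validation routine: compare the hash of the presented
    certificate with the previously entered hash. This replaces the CA
    signature check, so it is the only place trust is decided."""
    expected = normalize_fingerprint(entered)
    actual = hashlib.new(algorithm, cert_der).hexdigest()
    if len(expected) != len(actual):
        # Wrong length means a different hash algorithm or a typo.
        return False
    # Constant-time comparison, so timing does not leak how many leading
    # characters of the stored fingerprint matched.
    return hmac.compare_digest(actual.encode(), expected.encode())


# Fingerprints keyed by the peer's claimed identity. Unlike a pre-shared key
# table, nothing in here is secret: it can be backed up or shipped in the
# clear, since it only lets you recognise a certificate, not impersonate it.
TRUSTED_PEERS = {
    "gw-a.example": fingerprint(PEER_CERT_DER),   # constructed entry
}


def authenticate_peer(identity: str, presented_cert_der: bytes) -> bool:
    """Look up the fingerprint stored for the identity the peer claims and
    validate the certificate it presented against it."""
    expected = TRUSTED_PEERS.get(identity)
    if expected is None:
        return False   # no pinned fingerprint, no trust
    return validate_by_fingerprint(presented_cert_der, expected)


if __name__ == "__main__":
    print("fingerprint to hand over out of band:", fingerprint(PEER_CERT_DER))
    print("peer accepted:", authenticate_peer("gw-a.example", PEER_CERT_DER))
```

Because there is no CA signature to fall back on, the stored fingerprint must cover the whole DER encoding as presented; the check above does exactly that, so any change to the certificate, including to its embedded public key, produces a different hash and fails validation.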


