[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-ipsec-ike-auth-ecdsa-01.txt



> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IP Security Protocol Working Group of the IETF.
> 
> 	Title		: IKE Authentication Using ECDSA
> 	Author(s)	: S. Blake-Wilson, P. Fahn
> 	Filename	: draft-ietf-ipsec-ike-auth-ecdsa-01.txt
> 	Pages		: 5
> 	Date		: 06-Nov-00
> 	
> This document describes how the Elliptic Curve Digital Signature
> Algorithm (ECDSA) may be used as the authentication method within
> the Internet Key Exchange (IKE) protocol. ECDSA provides
> authentication and non-repudiation with benefits of computational

While ECDSA can provide non-repudiation when used appropriately,
it cannot guarantee that property, in general, when used in the cotext of
the signature authentication mode of IKE. The reason is that 
BY DESIGN this mode does NOT guarantee non-repudiation regardless
of the signature scheme. Indeed the input to the signature is the
output of a PRF. For certain PRFs (e.g. 3DES, Rijndael) the 
combination with the signature results in a repudable signature.
Non-repudiation was a no-goal for IKE. Actually ensuring non-repudiation 
can be viewed as a privacy weakness (as it gives a "proof of
communication"). If one still wants to provide non-repudiation
then using HMAC as the PRF with a hash function that provides
collision-resistance will achieve that.

Hugo

 
> efficiency, small signature sizes, and minimal bandwidth, compared
> to other available digital signature methods. This document adds
> ECDSA capability to IKE without introducing any changes to existing
> IKE operation.
> 



References: