Re: SOI: identity protection and DOS

[Ari Huttunen <Ari.Huttunen@f-secure.com>]

Derek Atkins wrote:
> Do you mean pre-shared secret-key or pre-shared public-key?  I happen
> to agree with Steve that pre-shared public-key is sufficient (and
> probably superior) to pre-shared secret-key authentication.  In other
> words, we pre-share RSA Public Keys.  No certificates are necessarily
> required.  As was pointed out, see SSH for an example of how this
> works.

I agree that pre-shared public key is sufficient, and argue that either
one is necessary for at least easy testing. There's also one benefit
to this not already mentioned (that I noticed), i.e. that
"foobar" or "you'll never guess" are not public keys.

Ari

-- 
"They that can give up essential liberty to obtain a little 
temporary safety deserve neither liberty nor safety." - Benjamin Franklin

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com 

F(ully)-Secure products: Securing the Mobile Enterprise

---

Follow-Ups:

• Re: SOI: identity protection and DOS
• From: Michael Thomas <mat@cisco.com>

References:

• Re: SOI: identity protection and DOS
• From: Derek Atkins <warlord@mit.edu>
• Re: SOI: identity protection and DOS
• From: Hugo Krawczyk <hugo@ee.technion.ac.il>
• Re: SOI: identity protection and DOS
• From: Michael Thomas <mat@cisco.com>
• Re: SOI: identity protection and DOS
• From: Sara Bitan <sarab@cs.Technion.AC.IL>
• Re: SOI: identity protection and DOS
• From: Derek Atkins <warlord@mit.edu>

---

• Prev by Date: Re: SOI: identity protection and DOS
• Next by Date: I-D ACTION:draft-ietf-ipsec-ike-hash-revised-03.txt
• Prev by thread: Re: SOI: identity protection and DOS
• Next by thread: Re: SOI: identity protection and DOS
• Index(es):
  • Main
  • Thread