[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: identity protection and DOS
If pre-shared RSA public keys does not "expire" and
never change for an identity then it is better;
Otherwise, "managing pre-shared RSA public keys"
will using private channel as managing pre-shared private keys or
the cert and CA...
--- David
----- Origina
l Message -----
From: "Derek Atkins" <warlord@mit.edu>
To: "Sara Bitan" <sarab@cs.Technion.AC.IL>
Cc: "Michael Thomas" <mat@cisco.com>; "Henry Spencer" <henry@spsystems.net>;
"ipsec list" <ipsec@lists.tislabs.com>
Sent: Monday, November 26, 2001 9:05 PM
Subject: Re: SOI: identity protection and DOS
> Sara,
>
> Sara Bitan <sarab@cs.Technion.AC.IL> writes:
>
> > I think pre-shared keys authentication is a requirement, and it doesn't
> > necessary imply huge overhead. There are several good (and popular)
>
> Do you mean pre-shared secret-key or pre-shared public-key? I happen
> to agree with Steve that pre-shared public-key is sufficient (and
> probably superior) to pre-shared secret-key authentication. In other
> words, we pre-share RSA Public Keys. No certificates are necessarily
> required. As was pointed out, see SSH for an example of how this
> works.
>
> -derek
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
>
References: