[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS



>>>>> "david" == david chen <ietf_davidchen@hotmail.com> writes:

 david> Agree, However, the self-cert does not use PKInfrastructure to
 david> authenticate the public key in the cert; What is used to
 david> authenticate the public key is the same requirement as that of
 david> pre-shared key.  The only difference is the self-cert (or any
 david> cert) does *not* (it is still argued in this thread for id
 david> protection) requiring an encrypted distribution channel.

 david> In the point of 'id protection', the self-cert (or any cert)
 david> requires some encryption but not public key in the cert.  If
 david> 'id protection' is true, we see the self-serve still require
 david> some form of encrypted secure channel between peers.

There are three cases to consider; for each, you can ask whether for
that case there is a requirement for integrity, and a requirement for
confidentiality. 

1. Initial distribution of keying material (bootstrapping).
2. Storage of the keying material.
3. Use of the keying material for IKE or similar session-key
   establishment protocol.  (Here, "confidentiality" can mean a
   mechanism that proves possession of a secret without disclosing it,
   not necessarily sending the secret itself in encrypted form.)

For preshared secret, the answers are:
1. needs confidentiality and integrity
2. ditto
3. ditto

For self-signed certs, the answers are:
1. need integrity
2. ditto
3. ditto.  If you want "id protection", you also want confidentiality
   in this step (only).  The point to remember is that the term
   indicates whether you disclose identity as part of session key
   establishment.

For "regular" certs (signed by a CA) the answers for the cert are:
1. none
2. none
3. none

but for the CA key they are the same as for self-signed certs, since
CA keys are self-signed.  Note that a lot of people are treating the
channel through which they downloaded their current browser as a
channel with integrity, since that's the channel that distributes the
most commonly used SA keys (for https)...

So id protection imposes a requirement on IKE or equivalent, not to
disclose the identity from the cert, if a cert is used.  But it
doesn't change the fact that the earlier steps are easier with certs
than with preshared keys, for example backups are not such a concern.

     paul



Follow-Ups: References: