[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SOI: identity protection and DOS

To: "'Paul Koning'" <ni1d@arrl.net>
Subject: RE: SOI: identity protection and DOS
From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
Date: Wed, 28 Nov 2001 16:02:17 -0500
Cc: <ipsec@lists.tislabs.com>
Importance: Normal
In-Reply-To: <15364.62563.431622.258994@mail.dev.equallogic.com>
Reply-To: <andrew.krywaniuk@alcatel.com>
Sender: owner-ipsec@lists.tislabs.com

This might sound like I am splitting hairs, but my point was to examine
situations where you can get authentication but not secrecy. With a PGP web
of trust, secrecy isn't a requirement, but it's easy enough to set up an SA
once you already assume authentication, so PGP doesn't actually facilitate
key exchange in a public environment any more than a preshared secret with a
trusted intermediary would.

The other point is that when you exchange a public key through a trusted
intermediary, you are trusting them not to substitute a different public key
so they can impersonate you. If you exchange a shared secret through a
trusted intermediary, you are again trusting them not to remember the key so
they can impersonate you. Maybe you could argue that in some practical
situations the risks are smaller in the PK case, but the situations are
still basically analagous. In cases where the web of trust extends more than
1 or 2 intermediaries, I would argue that the peer is not "meaningfully"
authenticated.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.

> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Paul Koning
> Sent: Wednesday, November 28, 2001 9:28 AM
> To: andrew.krywaniuk@alcatel.com
> Cc: ipsec@lists.tislabs.com
> Subject: RE: SOI: identity protection and DOS
>
>
> >>>>> "Andrew" == Andrew Krywaniuk
> <andrew.krywaniuk@alcatel.com> writes:
>  >> ...
>  >> Not true. You only need a authenticated transport for the public
>  >> key hashes: you don't have to keep them private.
>
>  Andrew> I thought about this, but the distinction is mostly moot
>  Andrew> because there aren't that many circumstances where you can
>  Andrew> get authentication without secrecy. Maybe if you phoned the
>  Andrew> person and you thought the phone might be tapped but you
>  Andrew> could recognize their voice... Other popular key distribution
>  Andrew> techniques, such as e-mail, finger, websites, voice-mail from
>  Andrew> an administrator are unlikely to have that property where
>  Andrew> they are (meaningfully) authenticated but not secret.
>
> You left out a well established public key distribution scheme that
> fits the description: the PGP Web of Trust.
>
> There is even a spec for the use of PGP keys with IKE.  I remember at
> least one implementation (don't know how many more there are).  If
> people are interested in a scheme that doesn't require the out of band
> channel to have privacy (as shared secrets do), allows for self-signed
> keys but isn't limited to them, and doesn't have the insistence on
> centralization that the X.509 style CA schemes have, wider
> implementation of that spec would be an option to consider.
>
>        paul
>
>

References:

RE: SOI: identity protection and DOS

From: Paul Koning <ni1d@arrl.net>

Prev by Date: RE: On shared keys (was RE: SOI: identity protection and DOS)
Next by Date: Re: IKEv2 and SIGMA
Prev by thread: RE: SOI: identity protection and DOS
Next by thread: RE: SOI: identity protection and DOS
Index(es):
- Main
- Thread