
RE: SOI QUESTIONS: 2.5 Plausible deniability



> This nice feature is not worth the expense it involves.

I had a section explaining this in draft-ipsec-properties (which has expired
and I haven't gotten around to resubmitting).

"8.2 Repudiation

Authentication using either pre-shared keys or public key encryption has the
repudiation property. Either side is capable of forging the entire exchange;
therefore there is no reliable way to prove that the transaction took place.
Authentication using public key signatures does not provide full
repudiation, but it doesn’t provide explicit non-repudiation either. When
Bob generates a signature, it proves that he talked to somebody. It is
possible for Alice to encode a signed hash of her identity into a payload
that will be signed by Bob during the course of the exchange. This would
prove that Bob talked to Alice (or someone colluding with Alice), although
not necessarily on purpose. Note that this does not prove to a third party
that any data sent with the negotiated keys is genuine.
So for all intents and purposes, IKE provides repudiation of the phase 1
exchange, no matter which mode of authentication you use."


The point being that all the original IKEv1 modes had repudiation almost by
accident. I'll be the first to admit that it's not a very important feature,
but there is no expense involved.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.
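An added illustration of the pre-shared-key case described above (example code, not from the draft or this message): a simplified IKEv1 phase 1 authenticator built from the RFC 2409 formulas SKEYID = prf(pre-shared-key, Ni_b | Nr_b) and HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b). Because either party holds the same key, a transcript fabricated by the responder alone verifies exactly like a genuine one, so a third party gets no proof that the initiator took part. It assumes HMAC-SHA256 as the prf and treats DH values and cookies as opaque random bytes.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass

def prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the negotiated IKE prf (an assumption for this example).
    return hmac.new(key, data, hashlib.sha256).digest()

@dataclass
class Phase1Transcript:
    ni: bytes        # initiator nonce (Ni_b)
    nr: bytes        # responder nonce (Nr_b)
    gxi: bytes       # initiator DH public value, treated as opaque bytes here
    gxr: bytes       # responder DH public value, treated as opaque bytes here
    cky_i: bytes     # initiator cookie (CKY-I)
    cky_r: bytes     # responder cookie (CKY-R)
    sai: bytes       # initiator SA payload body (SAi_b)
    idii: bytes      # initiator identity payload body (IDii_b)
    hash_i: bytes    # initiator's authenticator (HASH_I)

def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    # RFC 2409, pre-shared key authentication: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    return prf(psk, ni + nr)

def compute_hash_i(psk: bytes, t: Phase1Transcript) -> bytes:
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    skeyid = skeyid_psk(psk, t.ni, t.nr)
    return prf(skeyid, t.gxi + t.gxr + t.cky_i + t.cky_r + t.sai + t.idii)

def authenticate(psk: bytes, idii: bytes) -> Phase1Transcript:
    # Anyone holding the PSK can produce a complete, valid transcript naming any identity.
    t = Phase1Transcript(os.urandom(16), os.urandom(16), os.urandom(32), os.urandom(32),
                         os.urandom(8), os.urandom(8), b"constructed-SA-proposal", idii, b"")
    t.hash_i = compute_hash_i(psk, t)
    return t

def verify(psk: bytes, t: Phase1Transcript) -> bool:
    return hmac.compare_digest(compute_hash_i(psk, t), t.hash_i)

def demo() -> tuple:
    psk = b"constructed-shared-secret"        # constructed sample value
    alice_id = b"alice@example.test"          # constructed sample identity
    genuine = authenticate(psk, alice_id)     # Alice really ran the exchange
    forged = authenticate(psk, alice_id)      # the responder alone, with the same PSK; Alice absent
    # Both verify: a third party holding the PSK cannot tell which one Alice actually produced.
    return verify(psk, genuine), verify(psk, forged)
```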