[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 2.5 Plausible deniability

To: ipsec@lists.tislabs.com
Subject: Re: SOI QUESTIONS: 2.5 Plausible deniability
From: "Housley, Russ" <rhousley@rsasecurity.com>
Date: Fri, 21 Jun 2002 14:06:17 -0400
Sender: owner-ipsec@lists.tislabs.com

At 1:03 PM -0400 6/20/02, Theodore Ts'o wrote:
>Please discuss and answer this question.....  (for more discussion and a
>clear definition of "plausible denaibility", please see section 2.5 of
>the soi-features I-D).
>
>2.5)  Plausible denaibility
>
>2.5.A) Does SOI need to provide "plausible deniability" (the opposite
>of "non-repudiation") for the initiator?
>
>
>2.5.B) Does SOI need to provide "plausible deniability" (the opposite
>of "non-repudiation") for the responder?

Non-repudiation is a service that is normally associated with the 
application layer.  So, this characterization is not quite right, but I 
think we all get the point.

The only IPsec issue seems to be private key operations that are 
subsequently used to prove the participation of a particular party in the 
symmetric key management exchange. I do not think that we should expend any 
effort (and certainly we should not add complexity) to provide "plausible 
deniability" for either party.

Russ

Prev by Date: SOI Discussion
Next by Date: Re: SOI QUESTIONS: 2.4 Number of crypto operations
Prev by thread: RE: Scenario-Question matrix
Next by thread: RE: replacing preshared keys
Index(es):
- Date
- Thread