Re: Summary of revised identity changes

[Stephen Kent <kent@bbn.com>]

At 8:50 PM -0500 12/9/02, Michael Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>     >> a) For certificate authentication, in messages 3 and 4, you no longer
>     >> send both an ID and a certificate. Instead, you send only a
>     >> certificate and the receiver gets your identity from the certificate.
>
>   I'm profoundly unhappy about this.
>   I feel that it will lead to massive amounts of failure to interoperate.
>
>   Right now, I can make an X.509 implementation and a non-X.509
>implementation (such as might be found in a handheld!) interop by arranging
>for appropriate keys to be in the right places.
>
>   I.e. I can generate the handheld's "certificate" in a number of ways that
>doesn't involve having the handheld actually know about X.509. The contents
>of the CERT payload is just "bytes" - doesn't matter to the handheld.
>
>   Now, if you do this, then the handheld winds up with goop it doesn't
>understand setting policy for it. Maybe this is appropriate for you, but not
>for me.
>
>   I fear strongly that this proposal will permanently wed people to the
>false belief that public key operations involve PKIs.
>
>   By all means, make the contents of certificates clear. But, they aren't to
>be involved in the identities.

Michael,

I can't understand this last sentence. When we use certs for 
authentication in IKE, they should be used to convey the IDs that we 
are asserting. If we use certs to authenticate IKE peers and these 
have no relationship to the IDs we assert, then we have to have some 
other mapping of the certs to the sets of IDs that they are 
authorized to represent, and that mapping is another source of 
complexity and errors that can result in security problems.  Did I 
misunderstand your last comment?

Steve