Re: Auth Method
I guess my point was that you must have a public key in order to try to verify the signature.
If you know the public key type, there is no real reason to also know the private key type used
by the remote end to sign. If the sender signs with a different private key type than
the public key he/she sent you, the sig just won't verify.

Of course, to determine the type of public key you hold, you need to do some ASN1 decoding.
Getting this from the AUTH payload may be easier for some implementations, so adding an
RSA/DSA differentiator may be helpful.

Regards,
Jeff

Valery Smyslov wrote:
The public key type is encoded in the key itself. So even if you use
signatures without certs, you still have the information.

Jeff


I don't think so. The Authentication payload contains the signature, not the
key.
And the encoding of this signature in the payload is not defined in the
document (BTW, I think it needs to be fixed anyway).
And if the encoding follows the same rules as in IKEv1 (PKCS#1 for RSA
and raw signature for DSS), the receiving side has no reliable means
to distinguish between them.

Regards,
Valery Smyslov.

Valery Smyslov wrote:

Greeting,

IKEv2-05 specifies only 2 values for Auth Method field in
Authentication Payload: Digital Signature (1) and Shared Key
Message Integrity Code (2). How could receiver unambiguously
determine what digital signature algorithm was used: RSA, DSA or
something else? By examining Authentication Payload length? - not
very reliable method. Via the other entity's certificate? - but
Certificate Payload is optional, and the entity may have several
certificates of different type.

In message http://www.vpnc.org/ietf-ipsec/mail-archive/msg02440.html
Charlie Kaufman wrote:

Unless someone objects, I'll add a specifier of the
authentication data type, of which we currently have 3: RSA
signature, DSA signature, and shared key HMAC.

So, the original intention was to make Auth Type more specific than we
have now, indicating what particular digital signature algorithm was
used.
I'm curious what the rationale was to change that intention.

Another issue - how each side can advertise auth methods she supports.
In the same message there was some discussion on this topic and
suggestion to use CertRequest Payload for that purpose. Unfortunately,
it hasn't been done. Why? Are there strong objections against it?

Regards,
Valery Smyslov.
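Jeff's remark that the key type can be read from the public key itself, as an added example that is not from this thread: a minimal DER walker over a SubjectPublicKeyInfo that pulls the AlgorithmIdentifier OID and maps it to RSA/DSA/EC. The two SPKI blobs below are constructed by hand with placeholder key bits (the DSA parameters are an empty SEQUENCE placeholder, not real parameters); the OID-to-type table is the standard PKIX assignment.

```python
# Standard PKIX algorithm OIDs for the SubjectPublicKeyInfo.algorithm field.
KEY_TYPE_OIDS = {
    "1.2.840.113549.1.1.1": "RSA",  # rsaEncryption
    "1.2.840.10040.4.1": "DSA",     # id-dsa
    "1.2.840.10045.2.1": "EC",      # id-ecPublicKey
}

def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, content bytes, next position)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode OID content octets (base-128 arcs, first octet = 40*a + b) to dotted form."""
    arcs = [str(raw[0] // 40), str(raw[0] % 40)]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the arc
            arcs.append(str(value))
            value = 0
    return ".".join(arcs)

def public_key_type(spki_der):
    """Return 'RSA', 'DSA', 'EC' or the raw dotted OID for a DER SubjectPublicKeyInfo."""
    tag, spki, _ = _read_tlv(spki_der, 0)          # SubjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, alg_id, _ = _read_tlv(spki, 0)            # AlgorithmIdentifier ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, oid, _ = _read_tlv(alg_id, 0)             # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("missing algorithm OID")
    dotted = _decode_oid(oid)
    return KEY_TYPE_OIDS.get(dotted, dotted)

# Constructed sample SPKIs: valid DER framing, placeholder key bits (AA BB / CC DD).
RSA_SPKI = bytes.fromhex("3014300d06092a864886f70d0101010500030300aabb")
DSA_SPKI = bytes.fromhex("3012300b06072a8648ce3804013000030300ccdd")
```

The same walker works on a real DER SubjectPublicKeyInfo (e.g. the bytes of a `-----BEGIN PUBLIC KEY-----` block), since long-form lengths are handled.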