Re: A problem with public key encrption in IKE

[Stephen Kent <kent@xxxxxxx>]

Francisco,

Good points.  If one wants to support anonymity for encrypted access 
there are lots of options, but once we add in a requirement for 
access control, the options narrow.  However, the fine line between 
repudiable and non-repudiable proof of access may be relatively minor 
in general.  A site usually would  maintain an audit trail that would 
record the successful login in any case.  To dispute that would 
entail a lengthy argument about how it might have been altered, etc. 
I agree that it is preferable to have strong technical controls for 
NR, and to distinguish between such controls and less stringent 
methods.  However, we must also remember that the banking community 
has long relied on MACs for authentication/integrity and claimed that 
an audit trail of MACs provided a basis for NR!

Let me suggest a slight variation on this theme.  If a user signs 
some data for authentication, but the data is arbitrary and chosen by 
the communicating peer, then we can argue that we don't have a good 
basis for NR, because the user might have been persuaded to sign such 
data under a variety of circumstances.  In that case the peer has the 
"proof" it needs for authentication, as an input to access control, 
but the user has not provided technically non-repudiable evidence as 
part of login. How does the current IKE use of signatures for 
authentication relate to this model?

Steve