
Re: A problem with public key encryption in IKE



Steve,
Thanks. I hadn't thought of the possibility of using key usage bits for that purpose. (I'm not on the PKIX list.)
Francisco


______________________________ Reply Separator _________________________________
Subject: Re: A problem with public key encryption in IKE
Author: Non-HP-kent (kent@bbn.com) at HP-ColSprings,mimegw5
Date: 12/17/99 12:16 PM


Francisco,
> Steve,
>
> If one is allowed to argue that one has been persuaded to sign random data, then the whole concept of a digital signature collapses. Remember that when a document is signed, the digital signature is applied to a cryptographic hash of the document and the hash is indistinguishable from random data if you don't know how it was generated.

Well, not all signatures are intended to be non-repudiable! Sometimes we sign things purely for authentication. As we have discussed extensively on the PKIX list, one should exercise care in setting the key usage bits, to distinguish the intent of signing as repudiable or non-repudiable. So, IF one wished to use signature-based authentication with IKE, and wished to avoid any connotation of non-repudiation, it is feasible to do that.
Steve
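
Added example, not part of the original thread or written by its participants: a sketch of how a relying party could read the X.509 KeyUsage bits discussed above and accept a key for signature-based authentication only when it asserts digitalSignature without nonRepudiation. The policy function and the sample extension values are assumptions constructed for illustration; the bit names and order follow RFC 5280.

```python
# Added example: decode an X.509 KeyUsage extension value (DER BIT STRING)
# and check it against a hypothetical policy for IKE authentication keys.

# Named bits of KeyUsage, in bit order (RFC 5280, section 4.2.1.3).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

def parse_key_usage(der: bytes) -> set:
    """Return the names of the bits set in a DER-encoded KeyUsage BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bit count")
    if payload and payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first payload octet.
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def ok_for_repudiable_auth(der: bytes) -> bool:
    """Hypothetical policy: key may sign, but makes no non-repudiation claim."""
    usage = parse_key_usage(der)
    return "digitalSignature" in usage and "nonRepudiation" not in usage

# Constructed sample extension values (not taken from any real certificate).
AUTH_ONLY = bytes.fromhex("03020780")     # digitalSignature
SIGN_AND_NR = bytes.fromhex("030206c0")   # digitalSignature + nonRepudiation
KEY_ENC_ONLY = bytes.fromhex("03020520")  # keyEncipherment

if __name__ == "__main__":
    for label, der in [("AUTH_ONLY", AUTH_ONLY), ("SIGN_AND_NR", SIGN_AND_NR),
                       ("KEY_ENC_ONLY", KEY_ENC_ONLY)]:
        print(label, sorted(parse_key_usage(der)), ok_for_repudiable_auth(der))
```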