RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)

[David Jablon <dpj@xxxxxxxxxxxxx>]

Some more banter ...

At 10:07 PM 6/21/00 -0700, CHINNA N.R. PELLACURU wrote:
> ... any good password based system would protect
> such a low entropy secret, to the maximum possible extent. And however
> that is done, can be done without any change to the IKE protocol. If you
> still feel that this is not possible, then I can give you the gory
> details.

So, again, show me.  I know of maybe ten systems that can use a small
secret to safely authenticate a key exchange, DH-EKE, SPEKE, SRP, OKE,
SNAPI, AMP, and so on, with none of them are matched by anything (yet) in IKE.
Please try prove me wrong.


>> CHINNA:
>> >And so what is your cryptographic definition of "user authentication" Vs
>> >"machine authentication". I don't think you have provided any.

David:
>> Fine.  Here's my formal definition:
>> 
>> 	User authentication needs a secret.
>> 	Machines can remember big ones,
>> 	but people can't.
>> 	Deal with it.
>> 
>> OK, so it's not formal, and not exactly Haiku, but it gets to the point.

CHINNA:
> And this is the formal cryptographic definition?! I hope it is your own,
> not accepted academically. Do you have any reference even vaguely hinting
> in this direction.

There are a *lot* of papers in this field.  I maintain a list of them at <http://www.IntegritySciences.com/links.html> and there is further
discussion at the related pages at this site.  As in most cryptography,
practice in this field has been way ahead of a solid theoretical foundation.

In the past couple years there has been progress in creating
formal definitions and analysis, but it's not for the faint of heart.
If among these papers you find a definition better suited to your
taste, please feel free to let me know.  

---------------------------------------------------
David P. Jablon
Integrity Sciences, Inc.
dpj@xxxxxxxxxxxxxxxxxxxxx
www.IntegritySciences.com