[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proof-of-possession for DH keys

To: kent@xxxxxxx
Subject: Re: proof-of-possession for DH keys
From: Adam Back <aba@xxxxxxxxxxxx>
Date: Wed, 14 Oct 1998 18:48:23 +0100
Cc: ietf-pkix@xxxxxxx
In-reply-to: <> (message from Stephen Kenton Tue, 11 Aug 1998 16:49:27 -0400)
Sender: owner-ietf-pkix@xxxxxxx

Steve Kent writes:

> Unfortunately, the possible consqquences are worse than the self-inflicted
> DoS attack you descibed.  Specifically, by having a credible CA issue a
> cert binding someone elses public key to the imposter's name, the imposter
> can claim to be the signer of traffic associated with someone else (in the
> case of a signature key bound into the certificate). 

But DH keys are not signatures keys, they are confidentiality keys.
This was the point being made: that DH POPs (see the subject line) are
not (that) useful.

The attack you describe relating to signatures keys is obviously true:
this is what self certificates protect against.  The point with a DH
key is that you can't issue a self cert, because it is not a signature
key, therefore you define a POP instead, if you want the (small)
advantage of a POP for a confidentiality key.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

Follow-Ups:
- Re: proof-of-possession for DH keys
  - From: Stephen Kent

References:
- Re: proof-of-possession for DH keys
  - From: Stephen Kent

Prev by Date: PKIX Chicago Agenda
Next by Date: Re: German Key Usage
Previous by thread: Re: proof-of-possession for DH keys
Next by thread: Re: proof-of-possession for DH keys
Index(es):
- Date
- Thread