RE: KISS for PKIX. (Was: RE:Asymmetric authentication
David,
If one does not want to treat the public key as public info, then we can
certainly make life much harder for an attacker. The measures I described
work even better under such circumstances, as the attacker has no reference
against which to compare guesses.
A company called Arcot has a patented approach to doing this, in which they
pass the public key as an encrypted extension in an X.509 cert, which would
allow continued use of the current mechanisms in IKE for cert exchange. A
paper on their approach was published in the 1999 IEEE Security and Privacy
Symposium.
Of course, Lynn's cert-less approach to using public key cryptography also
provides ways to avoid such attacks.
At this point, the discussion really seems more appropriate for the IPsec,
not PKIX, mailing list, don't you think?
Steve