[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Summary of revised identity changes
At 8:50 PM -0500 12/9/02, Michael Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
> >> a) For certificate authentication, in messages 3 and 4, you no longer
> >> send both an ID and a certificate. Instead, you send only a
> >> certificate and the receiver gets your identity from the certificate.
>
> I'm profoundly unhappy about this.
> I feel that it will lead to massive amounts of failure to interoperate.
>
> Right now, I can make an X.509 implementation and a non-X.509
>implementation (such as might be found in a handheld!) interop by arranging
>for appropriate keys to be in the right places.
>
> I.e. I can generate the handheld's "certificate" in a number of ways that
>doesn't involve having the handheld actually know about X.509. The contents
>of the CERT payload is just "bytes" - doesn't matter to the handheld.
>
> Now, if you do this, then the handheld winds up with goop it doesn't
>understand setting policy for it. Maybe this is appropriate for you, but not
>for me.
>
> I fear strongly that this proposal will permanently wed people to the
>false belief that public key operations involve PKIs.
>
> By all means, make the contents of certificates clear. But, they aren't to
>be involved in the identities.
Michael,
I can't understand this last sentence. When we use certs for
authentication in IKE, they should be used to convey the IDs that we
are asserting. If we use certs to authenticate IKE peers and these
have no relationship to the IDs we assert, then we have to have some
other mapping of the certs to the sets of IDs that they are
authorized to represent, and that mapping is another source of
complexity and errors that can result in security problems. Did I
misunderstand your last comment?
Steve