Question about Basic Authentication Scheme

Stefan_Salzmann/HAM/Lotus@lotus.com Tue, 13 October 1998 16:40 UTC

From: Stefan_Salzmann/HAM/Lotus@lotus.com
To: ietf-pkix@imc.org
Message-ID: <8525669C.004BA8A9.00@mta2.lotus.com>
Date: Tue, 13 Oct 1998 15:32:51 +0200
Subject: Question about Basic Authentication Scheme

Hello,

In draft-ietf-pkix-ipki3cmp-08.txt (Certification Management Protocol) the basic
authentication scheme is described as:
      End entity                                          RA/CA
      ==========                                      =============
           out-of-band distribution of Initial Authentication
           Key (IAK) and reference value (RA/CA -> EE)
      Key generation
      Creation of certification request
      Protect request with IAK
                    -->>--certification request-->>--
                                                     verify request
                                                     process request
                                                     create response
                    --<<--certification response--<<--
      handle response
      create confirmation
                    -->>--confirmation message-->>--
                                                     verify confirmation

The Initial Authentication Key (IAK) distributed by the CA/RA is not used in
PKCS#10 described in RFC 2314. In that RFC the process of designing a
certification request will be carried out without the IAK. So why use it?? Isn't
it better to use the private key for encrypting the certificate request message
rather than using the IAK?

Thanks for answering,
Stefan
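
Added example, not part of the original message or of the draft: a simplified Python sketch of the IAK-protected request in the diagram above, showing what the RA/CA's "verify request" step can check when both sides hold the IAK. HMAC-SHA256, the JSON encoding, and all names and values are assumptions made for illustration; the draft defines its own message encoding and MAC parameters.

```python
import hashlib
import hmac
import json
import secrets

# RA/CA side: reference value -> (IAK, enrolled identity). Constructed data.
REGISTRY = {}

def enroll_out_of_band(identity):
    """RA/CA issues a reference value and IAK, delivered to the EE out of band."""
    ref = secrets.token_hex(4)
    iak = secrets.token_bytes(16)
    REGISTRY[ref] = (iak, identity)
    return ref, iak

def _encode(ref, subject, public_key):
    # Canonical byte encoding of the protected fields (stand-in for DER).
    return json.dumps([ref, subject, public_key], separators=(",", ":")).encode()

def protect_request(ref, iak, subject, public_key):
    """End entity: build a certification request and protect it with the IAK."""
    mac = hmac.new(iak, _encode(ref, subject, public_key), hashlib.sha256).hexdigest()
    return {"ref": ref, "subject": subject, "public_key": public_key, "mac": mac}

def verify_request(req):
    """RA/CA: look up the IAK by reference value, then check the protection."""
    entry = REGISTRY.get(req.get("ref"))
    if entry is None:
        return False, "unknown reference value"
    iak, identity = entry
    if req.get("subject") != identity:
        return False, "subject does not match enrolled identity"
    data = _encode(req.get("ref"), req.get("subject"), req.get("public_key"))
    expected = hmac.new(iak, data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(req.get("mac", ""))):
        return False, "protection check failed"
    return True, "ok"

def demo():
    subject = "CN=Example End Entity"  # constructed identity
    ref, iak = enroll_out_of_band(subject)
    good = protect_request(ref, iak, subject, "EE-PUBLIC-KEY")
    # Request built without knowledge of the IAK, carrying a different key.
    no_iak = protect_request(ref, b"\x00" * 16, subject, "OTHER-PUBLIC-KEY")
    # Request whose public key was changed after protection was applied.
    altered = dict(good, public_key="OTHER-PUBLIC-KEY")
    return [verify_request(r) for r in (good, no_iak, altered)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check ties the request to the identity the RA/CA enrolled out of band, which is a different property from a signature made with the private key in the request: that signature shows possession of the key but not who the requester is.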