Question about Basic Authentication Scheme
Stefan_Salzmann/HAM/Lotus@lotus.com Tue, 13 October 1998 16:40 UTC
From: Stefan_Salzmann/HAM/Lotus@lotus.com
To: ietf-pkix@imc.org
Message-ID: <8525669C.004BA8A9.00@mta2.lotus.com>
Date: Tue, 13 Oct 1998 15:32:51 +0200
Subject: Question about Basic Authentication Scheme
Hello,

In draft-ietf-pkix-ipki3cmp-08.txt Certification Management Protocol the basic authentication scheme is described as:

      End entity                                          RA/CA
      ==========                                      =============
           out-of-band distribution of Initial Authentication
           Key (IAK) and reference value (RA/CA -> EE)
      Key generation
      Creation of certification request
      Protect request with IAK
                    -->>--certification request-->>--
                                                     verify request
                                                     process request
                                                     create response
                    --<<--certification response--<<--
      handle response
      create confirmation
                    -->>--confirmation message-->>--
                                                     verify confirmation

The Initial Authentication Key (IAK) distributed by the CA/RA is not used in PKCS#10 described in RFC 2314. In that RFC the process of designing a certification request will be carried out without the IAK.

So why use it?? Isn't it better to use the private key for encrypting the certificate request message rather than using the IAK?

Thanks for answering,
Stefan
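The "Protect request with IAK" and "verify request" steps of the diagram quoted above, as an added example that is not part of the original message or of the draft. HMAC-SHA256, the length-prefixed field layout and all function and variable names are assumptions made for illustration; they stand in for the draft's actual message protection and encoding.

```python
import hashlib
import hmac
import secrets

# RA/CA side: IAKs handed out of band, indexed by reference value (hypothetical store).
ISSUED_IAKS = {}

def enroll_out_of_band(reference: str) -> bytes:
    """RA/CA creates an IAK; it reaches the end entity together with the reference value."""
    iak = secrets.token_bytes(32)
    ISSUED_IAKS[reference] = iak
    return iak

def _encode(*fields: bytes) -> bytes:
    # Length-prefix every field so two different requests never serialize identically.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def _mac(iak: bytes, reference: str, subject: str, public_key: bytes) -> bytes:
    data = _encode(reference.encode(), subject.encode(), public_key)
    return hmac.new(iak, data, hashlib.sha256).digest()

def protect_request(reference: str, iak: bytes, subject: str, public_key: bytes) -> dict:
    """End entity: create the certification request and protect it with the IAK."""
    return {"reference": reference, "subject": subject, "public_key": public_key,
            "mac": _mac(iak, reference, subject, public_key)}

def verify_request(req: dict) -> bool:
    """RA/CA: look up the IAK by reference value and check the protection."""
    iak = ISSUED_IAKS.get(req["reference"])
    if iak is None:
        return False
    expected = _mac(iak, req["reference"], req["subject"], req["public_key"])
    return hmac.compare_digest(expected, req["mac"])

def demo() -> tuple:
    # Constructed sample values; the "public keys" are opaque placeholder bytes.
    iak = enroll_out_of_band("ref-0001")
    genuine = protect_request("ref-0001", iak, "CN=Example EE", b"ee-public-key")
    # Same request with the public key replaced in transit: the MAC no longer matches.
    swapped = dict(genuine, public_key=b"other-public-key")
    # A party that never received the IAK protects a request with a key of its own.
    outsider = protect_request("ref-0001", secrets.token_bytes(32),
                               "CN=Example EE", b"other-public-key")
    return verify_request(genuine), verify_request(swapped), verify_request(outsider)

if __name__ == "__main__":
    print(demo())
```

The RA/CA accepts only the request protected with the IAK it issued for that reference value; a request whose key was substituted, or one built without the IAK, fails verification.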