[SPKM] SPKM-3 mutual authentication with DH certificates

S Rahul <srahul@novell.com> Mon, 13 July 2009 04:48 UTC

From: S Rahul <srahul@novell.com>
Organization: Novell
To: spkm@ietf.org
Date: Mon, 13 Jul 2009 10:18:57 +0530
User-Agent: KMail/1.8
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200907131018.58378.srahul@novell.com>
Subject: [SPKM] SPKM-3 mutual authentication with DH certificates

Hi,

I wanted to use SPKM-3 mutual authentication with DH certificates. Is this 
possible? I am not sure if the RFC/drafts allow that.

I wanted to know if dhKeyAgreement can be selected for K-ALG in Req-contents 
-> key-estb-set and Req-contents -> key-estb-req be left undefined. This 
could tell the target to pick up the DH public key from SPKM-REQ -> 
certif-data -> certificationPath -> userCertif. Similarly, Rep-ti-contents 
could contain a DH certificate in the target certificate field. If the DH 
parameters are the same for client and server public keys, the Rep-ti-contents -> 
key-estb-str could be omitted. If the server does not have a DH certificate, 
Rep-ti-contents -> key-estb-str would have a random DH public key as described 
in the RFC.

Thanks,

-Rahul
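The two key-establishment paths the message describes, modelled end to end as an added example (this is not code from the thread, from any SPKM implementation, or from RFC 2025). The `Req`, `Rep` and `DHCert` types are constructed stand-ins whose field names only loosely mirror Req-contents, Rep-ti-contents and userCertif; the DH group is a 63-bit safe prime found at run time so the block needs no external library, which is far below any real key size. When the target holds a DH certificate in the same group as the initiator's, the shared secret comes from the two certified keys and key-estb-str is omitted; otherwise the target generates a random DH key and sends its public half in key-estb-str. Two details a practitioner would want that the message does not spell out: received public keys are checked for subgroup membership before use, and since static-static DH produces the same secret every session, both nonces (randSrc, randTarg) are mixed into the derived context key.

```python
"""Added example (not from the thread): SPKM-3 style DH key establishment from
certified keys, with the key-estb-str fallback. Structures are constructed
stand-ins for the ASN.1 types, not the RFC's definitions."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # exact for n < 2**64


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 2**64."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


@dataclass(frozen=True)
class DHParams:
    p: int  # safe prime, p = 2q + 1
    q: int  # prime order of the working subgroup
    g: int  # generator of that subgroup


def make_params(start: int) -> DHParams:
    """Deterministically take the first safe prime with q >= start (toy 63-bit size)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return DHParams(p=2 * q + 1, q=q, g=4)  # 4 = 2^2 is a quadratic residue, so its order is q


@dataclass(frozen=True)
class DHCert:  # stand-in for userCertif / target certificate with a dhKeyAgreement key
    subject: str
    params: DHParams
    public: int


@dataclass(frozen=True)
class Req:  # subset of Req-contents: K-ALG = dhKeyAgreement, key-estb-req left out
    client_cert: DHCert
    rand_src: bytes


@dataclass(frozen=True)
class Rep:  # subset of Rep-ti-contents
    targ_cert: Optional[DHCert]
    key_estb_str: Optional[int]  # random DH public key, or None when omitted
    rand_targ: bytes


def gen_keypair(params: DHParams):
    x = 2 + secrets.randbelow(params.q - 2)  # private exponent in [2, q-1]
    return x, pow(params.g, x, params.p)


def check_public(params: DHParams, y: int) -> None:
    """Reject keys outside (1, p-1) and keys outside the prime-order subgroup."""
    if not 1 < y < params.p - 1 or pow(y, params.q, params.p) != 1:
        raise ValueError("invalid DH public key")


def derive_key(params: DHParams, z: int, rand_src: bytes, rand_targ: bytes) -> bytes:
    # Static-static DH gives the same Z every session; the nonces keep the context key fresh.
    zb = z.to_bytes((params.p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(zb + rand_src + rand_targ).digest()


def server_respond(req: Req, server_priv: Optional[int], server_cert: Optional[DHCert]):
    params = req.client_cert.params
    check_public(params, req.client_cert.public)
    rand_targ = secrets.token_bytes(16)
    if server_cert is not None and server_cert.params == params:
        # Both certified keys share the group: static-static DH, key-estb-str omitted.
        z = pow(req.client_cert.public, server_priv, params.p)
        rep = Rep(server_cert, None, rand_targ)
    else:
        # No usable DH certificate on the target: random DH public key in key-estb-str.
        x, y = gen_keypair(params)
        z = pow(req.client_cert.public, x, params.p)
        rep = Rep(server_cert, y, rand_targ)
    return rep, derive_key(params, z, req.rand_src, rand_targ)


def client_finish(req: Req, rep: Rep, client_priv: int) -> bytes:
    params = req.client_cert.params
    if rep.key_estb_str is None:
        if rep.targ_cert is None or rep.targ_cert.params != params:
            raise ValueError("key-estb-str omitted but no certified key in our group")
        peer = rep.targ_cert.public
    else:
        peer = rep.key_estb_str
    check_public(params, peer)
    return derive_key(params, pow(peer, client_priv, params.p), req.rand_src, rep.rand_targ)


def run_exchange(server_has_dh_cert: bool, same_group: bool = True):
    """One constructed exchange: returns (client key, server key, key-estb-str omitted?)."""
    group_a = make_params(1 << 62)
    group_b = make_params((1 << 62) + (1 << 40))
    c_priv, c_pub = gen_keypair(group_a)
    req = Req(DHCert("client", group_a, c_pub), secrets.token_bytes(16))
    s_priv, s_cert = None, None
    if server_has_dh_cert:
        s_group = group_a if same_group else group_b
        s_priv, s_pub = gen_keypair(s_group)
        s_cert = DHCert("server", s_group, s_pub)
    rep, s_key = server_respond(req, s_priv, s_cert)
    return client_finish(req, rep, c_priv), s_key, rep.key_estb_str is None
```

`run_exchange(True)` takes the static-static path and omits key-estb-str; `run_exchange(False)` and `run_exchange(True, same_group=False)` both fall back to a random target key carried in key-estb-str, in the latter case because the target's certified key lives in a different group than the initiator's. The subgroup check in `check_public` is what stops a peer from feeding a small-order element (such as p-1) into the exponentiation.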