Re: [TLS] Review of draft-huang-tls-ibe-00
Erick O <ericko0@yahoo.com> Fri, 18 September 2009 14:40 UTC
Return-Path: <ericko0@yahoo.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C1C3C3A6820 for <tls@core3.amsl.com>; Fri, 18 Sep 2009 07:40:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.515
X-Spam-Level:
X-Spam-Status: No, score=-2.515 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Esb6fgGy7P1K for <tls@core3.amsl.com>; Fri, 18 Sep 2009 07:40:29 -0700 (PDT)
Received: from web45512.mail.sp1.yahoo.com (web45512.mail.sp1.yahoo.com [68.180.197.152]) by core3.amsl.com (Postfix) with SMTP id 807523A67AD for <tls@ietf.org>; Fri, 18 Sep 2009 07:40:29 -0700 (PDT)
Received: (qmail 52422 invoked by uid 60001); 18 Sep 2009 14:41:24 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1253284884; bh=ju1l9Dgb50AHGXPSE/YcQreOuSuF4GF+yegwu7lMGo4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=rb0ERap8yszkW6Dfim2ugtHPGhHL6ZeHqOciYGttMVOGQTfyyN34YBGj0uGSiwkGQ1o/6k7pdv3/56f517C67jyLLvxPJetCdAqt/GZD7SEtDuep2QRCha2t6ZFg2ksofxxUJdMiP0iO32KpPhnLRpDebfAedh4cNWVA4EWltVk=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=1M1lE2Na//YaP+HdRBvTTdmgFiJtaP98BL0Zx3acCUlQc4nhgzdjrLmVCmqXbl25NGdVostuHyS6mZPeqBb2KiZKZTnsrJxMZzVPWy1ViQfy/yET6Bcli+tngEmDXHN3pMjM9aZxUWOCP2NeRW8BqiL2EhGgOEKYBXpUiYzrEto=;
Message-ID: <37346.51550.qm@web45512.mail.sp1.yahoo.com>
X-YMail-OSG: ln7voigVM1kmNTq5EW0FCqE9xwvhhSBITyq8uGaS2ri3kEVmdPX3LPbJt0F8tBN8i8rwAPsjz9YzuoT2CJOmvIC49eA4LpJBbQPjmnGHW7fHyPJRW2r5DntlT6fFJNBhzQCmKvoyMu0BjK0_SXc_7pdv5IMcW8OUq1LDOhzfQ0C1F.6TFrLrIy4CKUY0_CHt8Evt.djmlC4s0ODqA9W02oyvsycKXAZLYMdOi8M9T8PGxT6yO73v3xLr2uJDYLU-
Received: from [68.106.217.192] by web45512.mail.sp1.yahoo.com via HTTP; Fri, 18 Sep 2009 07:41:23 PDT
X-Mailer: YahooMailRC/157.18 YahooMailWebService/0.7.347.2
References: <20090722042426.378521D0F73@kilo.networkresonance.com> <001801ca0c33$5149d8e0$909a1b0a@china.huawei.com> <20090725020722.008311D1DC1@kilo.networkresonance.com>
Date: Fri, 18 Sep 2009 07:41:23 -0700
From: Erick O <ericko0@yahoo.com>
To: Eric Rescorla <ekr@networkresonance.com>, Min Huang <huangmin@huaweisymantec.com>
In-Reply-To: <20090725020722.008311D1DC1@kilo.networkresonance.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-216967448-1253284883=:51550"
Cc: tls@ietf.org
Subject: Re: [TLS] Review of draft-huang-tls-ibe-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2009 14:40:30 -0000
________________________________ From: Eric Rescorla <ekr@networkresonance.com> To: Min Huang <huangmin@huaweisymantec.com> Cc: tls@ietf.org Sent: Friday, July 24, 2009 7:07:21 PM Subject: Re: [TLS] Review of draft-huang-tls-ibe-00 At Fri, 24 Jul 2009 15:49:47 +0800, Min Huang wrote: > > > hi, > > Eric Rescorla <ekr at networkresonance.com> wrote: > > >But Mechanism 2 has the same issues as certificates in terms > >of the user being able to override invalid credentials. > > Mechanism 1 is intended to solve this problem, if the client > sends the public parameter sets list which it trusts to server, > and the server only can choose one from the parameter sets list, > there will be no override invalid credentials problems. But as > you metioned before, it brings some other problems to be solved. > So mechanism 2 is provided, it seems more similar to the traditional > PKI mechanism, but it also has the override invalid credentials problem. Yes, my point is that mechanism 1 is unworkable except in very limited applicatione where you could just as well have the client configured not to allow override by the user, and that mechanism 2 does not have what this draft claims is the primary benefit of IBE for TLS. This isn't to say that IBE for TLS doesn't work, but as far as I can tell it doesn't have any real advantages. > >I agree that this benefit is not applicable to TLS. But since > >that's the main technical benefit of IBE... > > It’s true. But in some cases, it can work well. For example, > (1)The server obtains its private key in advance and tells the client > the corresponding public parameter set and ID to be used in keyexchange. > There is no relationship with the main benefit of IBE. Right, and no benefit over the current PKI-based mechanisms. > (2)The client tells the public parameter sets and ID to the server > in handshake process. If there is a real time authentication method > used by the PKG to authenticate the server effectively, then the > server can obtain its private key in the TLS handshake process > immediately. This seems distinctly implausible. > >I don't understand what you're suggesting here. > > I meant that in one specific domain the number of PKGs is not large. > You said "Actually, due to the unique security properties of IBE, > I would imagine there would be more PKGs because the amount of > trust placed in a PKG is much higher than a CA." I am not sure > do you mean that there must be many PKGs that undertake the > responsibility of generating a user’s private key together? > for example, each PKG just shares just one piece of private key, > and a private key can be computed after putting all piece together. No, I mean that sites are currently willing to trust VeriSign to issue their certificates because even a total compromise of VeriSign's infrastructure doesn't retroactively destroy the security of their communications. But this isn't so with IBE, which motivates more local PKGs. > >But this makes the real time problem worse, since the client needs > >to know in advance what keys the server might potentially have, > >otherwise the server will need to get a new key for each client. > > In mechanism 1, the server IDs list is provided by the client and > there must be a problem if the ID contains a data string. There > what they negotiate is the identity information, e.g., email address, > IP address, domain name or other identities which can be used to > indicate the identity of the server. This information does not include > a date string. The actual ID used to compute the public key is provided > by the server after the negotiation. But the consequence of this is that there's no meaningful way to do revocation. > In mechanism 2, it is not a problem. > Because the server ID used in encryption is sent by the server. So it > can directly provide a valid ID containing a valid date string. Sure, but again this has no real benefits over PKI. -Ekr _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Review of draft-huang-tls-ibe-00 Eric Rescorla
- Re: [TLS] Review of draft-huang-tls-ibe-00 Peter Gutmann
- Re: [TLS] Review of draft-huang-tls-ibe-00 Min Huang
- Re: [TLS] Review of draft-huang-tls-ibe-00 Eric Rescorla
- Re: [TLS] Review of draft-huang-tls-ibe-00 Min Huang
- Re: [TLS] Review of draft-huang-tls-ibe-00 Eric Rescorla
- Re: [TLS] Review of draft-huang-tls-ibe-00 Erick O