[anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal at finney.org) (fwd from touch at ISI.EDU)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Sep 11 13:43:44 EDT 2004


Eugen Leitl <eugen at leitl.org> writes:

>It does not authenticate the endpoint's identification, other than "same place
>I had been talking to."

So in other words it's the same baby-duck security model that's been quite
successfully used by SSH for about a decade, is also used in some SSL
implementations that don't just blindly trust anything with a certificate
(particularly popular with STARTTLS-enabled MTAs/MUAs where you don't want to
bother with CA-issued certs), and is even used in various X.509 applications
(via "certificate fingerprints"), although the X.509 folks don't like to admit
that because it implies that a known-good cert fingerprint is more reliable
than a CA :-).

Maybe it's worth doing some sort of generic RFC for this security model to
avoid scattering the same thing over a pile of IETF WGs, things like the
general operational principles (store a hash of the server key, compare it on
subsequent connects), how to present the value to the user (a format that's
consistent across protocols would be nice), maybe a simple /etc/passwd-type
file format listing servers and their matching hashes, etc etc etc.

Peter.
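The "store a hash of the server key, compare it on subsequent connects" model, with a colon-delimited known-servers file and a protocol-independent fingerprint display, as an added illustration that is not part of Peter's message (the file layout, field names and `mail.example.com` scenario are assumptions; SHA-256 is used as the hash):

```python
import hashlib
import os
import tempfile

def fingerprint(pubkey: bytes) -> str:
    """Hash the peer's public key; this hex digest is what gets stored and compared."""
    return hashlib.sha256(pubkey).hexdigest()

def display_fingerprint(hexdigest: str) -> str:
    """User-facing form: colon-separated byte pairs, the same whatever protocol carried the key."""
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))

class KeyContinuityStore:
    """/etc/passwd-style text file, one 'server:algorithm:hexdigest' line per peer (assumed layout)."""

    def __init__(self, path: str):
        self.path = path
        self.entries: dict[str, tuple[str, str]] = {}
        if os.path.exists(path):
            with open(path) as fh:
                for line in fh:
                    line = line.strip()
                    if line and not line.startswith("#"):
                        server, algo, digest = line.split(":")
                        self.entries[server] = (algo, digest)

    def check(self, server: str, pubkey: bytes) -> str:
        """Returns 'first-use' (key stored), 'match', or 'mismatch' (stored key is NOT replaced)."""
        digest = fingerprint(pubkey)
        if server not in self.entries:
            self.entries[server] = ("sha256", digest)
            self._save()
            return "first-use"
        return "match" if self.entries[server][1] == digest else "mismatch"

    def _save(self) -> None:
        with open(self.path, "w") as fh:
            for server, (algo, digest) in sorted(self.entries.items()):
                fh.write(f"{server}:{algo}:{digest}\n")

def demo() -> list[str]:
    """Constructed scenario: first contact, reconnect, changed key, then a fresh
    process reloading the same file (the original key must still win)."""
    path = os.path.join(tempfile.mkdtemp(), "known_servers")
    store = KeyContinuityStore(path)
    results = [store.check("mail.example.com", b"constructed key A"),
               store.check("mail.example.com", b"constructed key A"),
               store.check("mail.example.com", b"constructed key B")]
    reloaded = KeyContinuityStore(path)
    results.append(reloaded.check("mail.example.com", b"constructed key B"))
    return results

if __name__ == "__main__":
    print(demo())
```

A `first-use` result is the moment to show `display_fingerprint(...)` to the user for out-of-band comparison, and a `mismatch` should abort the connection rather than silently update the file.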

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com