1 / 9

Subject Identification Method

Subject Identification Method. November 10, 2003 Jongwook Park, KISA Tim Polk, NIST. Status. New draft –01 published just before the meeting Additional material in KISA draft needs to be merged with current draft Rough consensus between authors on requirements

margueriteowen
Download Presentation

Subject Identification Method

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Subject Identification Method November 10, 2003 Jongwook Park, KISA Tim Polk, NIST

  2. Status • New draft –01 published just before the meeting • Additional material in KISA draft needs to be merged with current draft • Rough consensus between authors on requirements • Open issues remain with respect to syntax that can satisfy these requirements

  3. Concept • Problem • privacy sensitive identifiers cannot be included in certificates as plaintext • Basic Solution • Compute a hash over the identifier and several additional values and include in certificate

  4. Detailed solution • Client contributes a password or random value in addition to SII • RA contributes a second random number to prevent pre-calculation attack by client • Two hash iterations performed • Additional details TBD

  5. Open Issues, I • Should SIM be an extension or an otherName? • otherName in draft –00 • Extension in draft -01 • Should R be included in the SIM extension? • Given R, discovering SII and P is a straightforward brute force attack • Different views on cryptographic strength

  6. PEPSI = H( R || SIItype || H(R || P || SII)) • SIM extension contains R, PEPSI • PEPSI = H( SIItype || H(Ra || Rr || SII))

  7. Open Issues, II • Who should contribute random values to PII generation? • Only the client or both the client and the RA? • What values need to be included in the inner and outer hash computations? • RA generated random used to compute both hashes in –01 • Random values not needed in alternate proposal in outer hash

  8. Issues Raised on List • Why does –01 say a “private extension”? • That was a mistake… • Is there a real need for Alice to prove that she has a legitimate SII, without disclosing it? • The authors believe this is a legitimate requirements

  9. Way Forward • “Authors Consensus” draft to be published by early December • Resolve open issues • Address issues raised on list • Aiming for WG Last Call before Seoul meeting

More Related