[VOIPSEC] splitting hairs over "authentication" (or not)

Bill Flanagan flanagan at flanagan-consulting.com
Tue Jun 20 19:45:06 CDT 2006 

Not splitting hairs at all.  There are two distinct functions here,
--authentication = assurance that the user/correspondent is as 
identified  (user/password and up)
--encryption = preventing other parties from reading the message (DES, AES)

and we might at a couple of other related concepts that need to be 
distinguished as well:
--non-repudiation = proof that the indicated party actually participated 
in the transaction.  (digital signature)
--verification = protection against change of message content (I'm NOT 
calling this is authentication)  (signed hash, etc.)

If we don't have a lexicon for our concepts, we can never discuss them 
fruitfully because we'll never be certain of what any one else is saying.

Bill
(who learned that in Physics, not English classes)


Voipsec-request at voipsa.org wrote:

>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Tue, 20 Jun 2006 09:34:30 -0400
>From: "Geoff Devine" <gdevine at cedarpointcom.com>
>Subject: Re: [VOIPSEC] An issue of trust?
>To: <Voipsec at voipsa.org>
>Message-ID:
>	<9CDE330E7358724EA30D93598D24DE4A01F2FA29 at exchange.cedarpointcom.com>
>Content-Type: text/plain;	charset="us-ascii"
>
>Andy Zmolek writes:
>	
>  
>
>>Splitting hairs about authentication vs. encryption
>>    
>>
>
><snip>
>
>I struggle with the terminology.  The way I (mis?)use the term
>authentication, it can mean both:
>
>Logging In: IKE, Kerberos, SIP digest...  I guess this is "session
>authentication"
>
>Per-packet trust mechanism: SHA1, MMH...  I guess this is "packet
>authentication"
>
>>From context, it's not always obvious to me which one someone is talking
>about.  Are there better terms to distinguish between these two very
>different chunks of security technology?
>
>Geoff
>
>  
>
-- 
____________________________________________
William Flanagan        Ph:  +1.703.242.8381
Flanagan Consulting     Fx:  +1.703.242.8391
45472 Holiday Dr. #3, Sterling, VA 20166 USA
www.flanagan-consulting.com

"Beware of false knowledge; it is more dangerous than ignorance."
                                        --George Bernard Shaw

More information about the Voipsec mailing list