VJ,
My understanding is that symmetric key encryption does not provide
MECHANISMS for authentication and non-repudiation. The system is able to
provide authentication between users and a level of confidentiality is
provided as a result, but it seems to be implied.
Witness the following statement: "crucial aspects of confidentiality are
user identification, authentication and authorization" (from the Official
ISC2 Guide). So it seems, that if authentication is involved, so is
confidentiality, and vice-versa.
And since two people are sharing a session that is undeniable when the keys
are exchanged, it is non-repudiated by default....
Still, it's confusing, and I think it's an interesting discussion.
Experience CISSP's, please weigh in?
Thanks,
Rand
On 5/5/05, Vijay Kumar <vijaychhipa@yahoo.com> wrote:
One of the books I read gave example of how symmetric encryption can be
used for authenticating to another entity with whom you have a shared
secret.
Yet, the Shon Harris books says that symmetric encryption only provided
Confidentiality and integrity but not auth and non repudiation.
Who is right?
Thanks
------------------------------
*Yahoo! Groups Links*
- To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
- To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com<CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/>.
--
----------------------
Rand
~~~~~~~~~~~
Four wheels move the body. Two wheels move the soul.
