
Re: user-to-user vs. host-to-host keying


I am copying your original message to me to ipng, since my response below
specifically addresses issues in the IPng security drafts. I am not sure why
you sent your message only to ipsec.

You write :

>  From rja@bodhi.itd.nrl.navy.mil Wed Mar  8 12:38:00 1995
>  To: Dan Nessett <Danny.Nessett@Eng>
>  Subject: Re: user-to-user vs. host-to-host keying
>  Cc: ipsec@ans.net
>  Mime-Version: 1.0
>  Dan
>    You confuse my "illustrative examples" for "sole justifications"
>  very consistently.  My text includes a fair number of illustrative
>  examples.  It does not include voluminous justifications for every
>  item that has been discussed either on the IPng list or the IPsec
>  list or at past IETF meetings in order to remain readably short.
>    There are a number of reasons for user-to-user keying to be mandatory
>  to implement.  One remains the desire to reduce risk of chosen
>  plaintext attacks.  The only key management _mandated_ by IPv6
>  is manual key distribution.  Because development of a scalable
>  key management protocol is outside the charter of the IPng working
>  group and no such standards-track RFC exists now, this is all that
>  can be mandated at this time.  Phil Karn and others are working hard
>  on developing such a scalable key management protocol and I am
>  optimistic that the Internet will have one in the future, but we
>  do not have one now.
>  Regards,
>  Ran
>  atkinson@itd.nrl.navy.mil

When you argue that : 

> The only key management _mandated_ by IPv6 is manual key distribution.

you mislead. Allow me to quote from the current IPv6 security architecture draft
(page 7):

"4.3 Automated Key Distribution
     Widespread deployment and use of IPv6 security will require an
   Internet-standard scalable key management protocol ...

   ...    Hence, support for
   user-to-user keying must be present in all IPv6 implementations, as is
   described in the "IPv6 Key Management Requirements" section below."

This is a requirement that all IPv6 implementations support user-to-user
keying. This is what I am objecting to. User-to-user keying should not be
required of conformant IPv6 implementations. It is unnecessary to deal
with the threats you call out.

You suggest in your message that there may be other reasons for using
user-to-user keying. If so, I think these should be given in the I-Ds,
since the ones you do give are too weak to justify the mandatory requirement.
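As an added illustration of the two keying granularities being argued about above (this is added example code, not code from this thread, from the IPv6 security architecture draft, or from either correspondent): a toy model in which security-association keys are manually configured, as the thread says is the only mandated key management, and selected either per host pair or per user pair. The host names, user names and key bytes are constructed placeholders, and HMAC-SHA256 stands in for whatever keyed transform the security association would actually apply. The `chosen_plaintext_exposure` check shows the property Ran's message refers to: under host-to-host keying a second user on the sending host gets output protected under the same key that protects another user's traffic, while under user-to-user keying the two users map to distinct keys.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal view of an outbound packet: addressing plus the
    sending/receiving user identities the keying decision may use."""
    src_host: str
    dst_host: str
    src_user: str   # user (uid) of the sending process
    dst_user: str   # user the packet is destined for
    payload: bytes


# Manually configured keys: constructed placeholders, not real key material.
# Host-to-host keying: one key per (src host, dst host) pair.
HOST_KEYS = {
    ("hostA", "hostB"): b"constructed-host-pair-key-A-B",
}
# User-to-user keying: one key per (src host, src user, dst host, dst user).
USER_KEYS = {
    ("hostA", "alice", "hostB", "bob"): b"constructed-user-pair-key-alice-bob",
    ("hostA", "mallory", "hostB", "bob"): b"constructed-user-pair-key-mallory-bob",
}


def lookup_key(pkt: Packet, granularity: str) -> bytes:
    """Select the security-association key for a packet at the given
    keying granularity ("host" or "user")."""
    if granularity == "host":
        selector = (pkt.src_host, pkt.dst_host)
        table = HOST_KEYS
    elif granularity == "user":
        selector = (pkt.src_host, pkt.src_user, pkt.dst_host, pkt.dst_user)
        table = USER_KEYS
    else:
        raise ValueError(f"unknown keying granularity: {granularity!r}")
    try:
        return table[selector]
    except KeyError:
        # No manually configured SA for this selector: the packet cannot be
        # protected, which is the failure mode of manual keying at finer
        # granularity (each new user pair needs its own configured entry).
        raise LookupError(f"no {granularity}-level key configured for {selector}")


def protect(pkt: Packet, granularity: str) -> bytes:
    """Apply the keyed transform. HMAC-SHA256 over the payload stands in
    for whatever authentication/encryption the SA would use."""
    key = lookup_key(pkt, granularity)
    return hmac.new(key, pkt.payload, hashlib.sha256).digest()


def same_key(granularity: str, a: Packet, b: Packet) -> bool:
    """True if two packets are protected under the same key."""
    return lookup_key(a, granularity) == lookup_key(b, granularity)


def chosen_plaintext_exposure(granularity: str) -> bool:
    """True if a second user on the sending host can obtain protected
    output under the key that also protects another user's traffic,
    i.e. can push chosen plaintext through that key."""
    victim = Packet("hostA", "hostB", "alice", "bob", b"alice's confidential data")
    attacker = Packet("hostA", "hostB", "mallory", "bob", b"attacker-chosen plaintext")
    return same_key(granularity, victim, attacker)


if __name__ == "__main__":
    for g in ("host", "user"):
        print(f"{g}-to-{g} keying: other user shares the key -> {chosen_plaintext_exposure(g)}")
```

Note that the model says nothing about whether the exposure justifies a mandatory requirement, which is the point in dispute; it only makes concrete what "host-to-host" and "user-to-user" keying select on, and what manual configuration of the finer granularity costs (an entry per user pair, with a hard failure when one is missing).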