[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Requesting

To: Roy Pereira <rpereira@TimeStep.com>
Subject: Re: Certificate Requesting
From: Daniel Harkins <dharkins@cisco.com>
Date: Mon, 23 Feb 1998 13:17:45 -0800
Cc: "'Greg Carter'" <greg.carter@entrust.com>, "'IPSEC Mailing List (E-mail)'" <ipsec@tis.com>
In-Reply-To: Your message of "Mon, 23 Feb 1998 15:15:39 EST." <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-980223201539Z-458@tsntsrv2.timestep.com>
Sender: owner-ipsec@ex.tis.com

  Roy,

> The additional exchange scenario that you do not agree with only happens
> if the initiator does not send a certificate and the responder does not
> have it.  The responder will then append a CertReq payload to the ISAKMP
> message.  If the initiator receives the CertReq in the sixth message of
> MainMode (RSA_SIG), then he must reply back with his certificate in a
> MainMode message.  He may also append a CertReq to that message if the
> responder did not include a certificate in the sixth message and he does
> not have it.  This would force the responder to reply back with his
> certificate.
> 
> This scenario was brought forth by a rather large software corporation
> since this is what they do in their IPSec implementation.
[snip]

  Perhaps I'm missing something here but you're asking for the cert's
too late. You need them to verify the signature but you're not asking
for them until you've already, presumably, authenticated your security
association by checking the peer's signature.

>>        Initiator                          Responder
>>       ----------                         -----------
>>        HDR, SA                     -->
>>                                    <--    HDR, SA
>>        HDR, KE, Ni                 -->
>>                                    <--    HDR, KE, Nr
>>        HDR*, IDii, [ CERT, ] SIG_I -->
>>                                    <--    HDR*, IDir, [ CERT, ] SIG_R[,
>>CERTREQ 
>>        [ HDR*, CERT [, CERTREQ]          --> 
>>				    [<--    HDR*, CERT ] ] ]
>>  

If the Initiator didn't send his cert in his 3rd message then the
responder wouldn't be able to verify his signature and would abort
the communication. Why not send a CERTREQ in the 2nd messages. That
way you're still keeping a modicum of identity protection (sending it
in the 1st messages requires the other party to respond with his cert
in the clear). 

At the point you're sending the KE and nonce payloads you know what your
authentication method is. If it's signature based and you don't have a
cert for the peer (granted it's tough to know if you do since all you have
to go on at that point is IP address and not everyone will be encoding an
IP address in their certs) send the CERTREQ then.

Why the need for the extra round trip? And the suspension of authentication
and retention of state? Am I missing something here?

  Dan.

References:

RE: Certificate Requesting

From: Roy Pereira <rpereira@TimeStep.com>

Prev by Date: RE: new draft-ietf-ipsec-isakmp?
Next by Date: RE: Certificate Requesting
Prev by thread: RE: Certificate Requesting
Next by thread: RE: Certificate Requesting
Index(es):
- Main
- Thread