Re: More questions on ID types

[suresh@livingston.com (Pyda Srisuresh)]

Ooops... Clarification to my last e-mail
> 
> > 
> > On: Wed, 01 Jul 1998 10:59:38 PDT you wrote
> > [snip]
> > > >   A "reserved mode" (I like that) can be written up in a draft but Main
> > > > Mode is not changing at this point in time. Sorry Bryan but this point was
> > > > discussed about a year ago and the resolution is what you see today. If
> > > > you want to allow remote access with pre-shared keys use Aggressive Mode.
> > > > If you don't want to expose a meaningful identity use ID_KEY_ID as the
> > > > identity to which the pre-shared key is bound.
> > > > 
> > > >   Dan.
> > > > 
> > > 
> > > It is good to note that the issue came up earlier and was discussed, 
> > > even though I dont like the alternative you suggest. In order to not expose 
> > > the actual identities, the vendors would have to agree on an out-of-band
> > > encryption by which to encrypt the ID in the vendor specific ID_KEY_ID.
> > > This is yet another encryption, and yet another out-of-band requirement
> > > in addition to the pre-shared key. Also, as Bryan pointed out, it
> > > is a layer violation in that a pre-shared key has to be assusmed based 
> > > on the src address (in IP header) rather than ID payload.
> > 
> >   What encryption? An ID is not encrypted "in the vendor specific ID_KEY_ID".
> > 
> >   The vendors have to agree on the pre-shared key out-of-band so in the same 
> > out-of-band channel they agree to bind the key to an opaque blob. e.g. the 
> > pre-shared key is "mekmitasdigoat" and the blob is "geukghisohfewh". That 
> > blob is not encrypted it is just meaningless outside the two peers. When 
> 
> What could have been a meaningful ID (such as foobar@foo.bar.com) is now
> having to be turned into a blob like "geukghisohfewh" by the vendors. This 
> is what I meant by having to encrypt the ID.
> 
> > someone presents and ID (whose type is ID_KEY_ID) of "geukghisohfewh" and 
> > provides proof of knowledge of the pre-shared-key associated with that then 
> > you've authenticated that party. The pre-shared key is based on the contents 
> > of the ID payload _not_ on address.
> 
> OK. 

If main mode of exchange is permitted with pre-shared keys, the draft does
state (section 5.4)  that the pre-shared key can only be identified by
initiator based on the IP address of the responder and not his ID payload. 
And, pre-shared keys MUST be permitted in Main mode because:

      Main mode is a MUST; Aggressive mode is a SHOULD.
      Authentication via pre-shared keys is a MUST.

Pre-shared keys could be used in aggressive mode, as you say.
But the ID type is in the clear. Vendors may need to transform the 
actual IDs (like foo@foo.com) into some undecipherable blobs and use 
ID_KEY_ID type IDs if they need to conceal real identity.


> 
> > 
> >   If you don't like the solution then write up yet another authentication
> > method for IKE and let us all throw darts at it. What is there now is not
> > changing. Period. Full stop. End of discussion.
> > 
> 
> You misunderstood what I said. I wasnt saying I did not like the solution 
> you proposed in the draft. Rather, I was asking for a rationale, because I 
> was not present at the earlier IPsec meetings and am not privy to discussions
> on the subject otherwise. Hope you understand.
> 
> >   Dan.
> > 
> > 
> 
> cheers,
> suresh
> 

cheers,
suresh

---

References:

• Re: More questions on ID types
• From: suresh@livingston.com (Pyda Srisuresh)

---

• Prev by Date: Re: More questions on ID types
• Next by Date: Revised drafts -- Arch, AH, ESP
• Prev by thread: Re: More questions on ID types
• Next by thread: Revised drafts -- Arch, AH, ESP
• Index(es):
  • Main
  • Thread