[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on "Hybrid Auth. mode for IKE"

To: moshe@checkpoint.com
Subject: Re: Comments on "Hybrid Auth. mode for IKE"
From: Kai Martius <admin@imib.med.tu-dresden.de>
Date: Mon, 27 Jul 1998 08:58:54 +0100
CC: ipsec@tis.com
Organization: Uniklinik TUD
Reply-to: kai@imib.med.tu-dresden.de
Sender: owner-ipsec@ex.tis.com

Moshe,

just another opinion to the "hybrid authentication draft".

First some general thoughts:

There's no doubt to need good migration paths from "80's technology" 
to new one but I have some concerns doing it the way your I-D 
proposes:

1. In general, I believe, providing too much of backward 
compatibility would probably delay the implementation of more 
secure authentication mechanisms, especially certificate based auth. 
including a global PKI. IKE could be a good catalyst deploying 
stronger auth. schemes. And it already provides a good migration 
path by its pre-shared key mode (PSK) where NO PKI is needed. So the 
compatibitility to older systems should build on this mode. (All 
token systems I know are based on symmetric crypto - like PSK mode. 
At least for S/KEY I could imagine it's very easy to use it in a kind 
of "one-time-PSK" mode).

2. The discussion on more or less databases to manage I don't 
understand - basically there is _one_ importent database which 
assigns certain rights to a USER. With cert-based auth. you have less 
databases, because there is already an authenticated user name - with 
any symmetric token system you need to assign the users to the token 
first. 

3. A basic IKE-design principle is the 2-phase-approach of 
authenticating the IKE instances in a first phase and in the second 
phase to exchange keys for clients. Comparing XAUTH and hybrid mode, 
XAUTH keeps the 2-phase-separation cleaner, I think.

In detail to your I-D:

3. You propose using Public-Key-based auth. for the edge device, 
which means a certificate must be known to the mobile user or 
transmitted during "hybrid auth mode"-exchange - so you need to 
verify the cert. on the mobile station, and therefore you need a 
basic kind of PKI, at least with a one-level certification hierarchy. 
But within this hierarcy you can certify your clients too... (I 
absolutely agree Steve, that it's not so difficult to build PKIs in 
a limited organizational environment)

4. (last) your comparison to SSL (Sect. 2.2) is not correct, at 
least not understandable: If a server requests client auth. during 
the SSL handshake the client MUST reply with a certificate. With SSL 
you always need a kind of PKI - there is no migration path with 
pre-shared secrets like in IKE. Anything else above SSL mostely can't 
be called client auth. (especially not a credit card number...)- it 
only depends on the application running on SSL. For the Web, real 
client auth. would only be provided by S-HTTP on a per-document 
basis. 

Kai


# Kai Martius                                                           #
# Dpt. of Medical CS and Biometrics / Dresden University of Technology  #
# PGP Fingerprint: to be compared after download of my key              #
# Key and more info see my Homepage                                     #
# http://www.imib.med.tu-dresden.de/imib/personal/kai.html              #

Follow-Ups:

Re: Comments on "Hybrid Auth. mode for IKE"

From: Moshe Litvin <moshe@checkpoint.com>

Prev by Date: Re: ESP and AH used in tunnel mode by a Security Gateway
Next by Date: IKE drfat - draft-ietf-ipsec-isakmp-oakley-08.txt
Prev by thread: RE: Comments on "Hybrid Auth. mode for IKE"
Next by thread: Re: Comments on "Hybrid Auth. mode for IKE"
Index(es):
- Main
- Thread