How do IKE peers synchronize public keys ?

[Sara Bitan <sarab@radguard.com>]

Suppose two IKE peers want to issue an ISAKMP sa using RSA signature (or
encryption) mode.
The initiator has two certificates, one from CA A, and another from CA
B. He now has two make a decision which public key to use for the ID
message authentication.
So he sends two certificate requests to the responder, one
with CA A, the other with CA B. There is a hidden assumption here, taken
by the initiator : if the responder sends back a certificate or a
certificate chain) for a certain CA then he is ready to use a
certificate (chain) issued by this CA.

Assume further that the responder has certificates both from CA A and
from CA B, so he sends both certificates to the initiator. 
The initiator now uses one of his keys (either the one certified by CA
A, or the one certified by CA B) to authenticate the ID message. The
responder doesn't know which key was used by the initiator (unless he
checks all possibilities).

I think that this scenario is possible with the current IKE/ISAKMP
drafts.
A possible solution might be that the responder will
send always only one certificate, and this certificate will be used for
the authentication. We can view that as a proposal for several
certificate sent by the initiator, to which the responder answer with a
single choice.

The problem becomes even worse when both peers start caching their
certificates. If you have several certificates you have already received
from a peer, how do you know which one to use to authenticate his ID
message?


 Thanks, Sara.

---

Follow-Ups:

• How do IKE peers synchronize public keys ?
• From: Tero Kivinen <kivinen@ssh.fi>

---

• Prev by Date: IBM VPN Bakeoff Issues
• Next by Date: How do IKE peers synchronize public keys ?
• Prev by thread: two questions
• Next by thread: How do IKE peers synchronize public keys ?
• Index(es):
  • Main
  • Thread