
Re: Basic IKE authentication question




>>>>> "Ramon" == Ramon Hontanon <hontanon@uu.net> writes:
    Ramon> - Pre-shared keys (i.e. some string that both peers agree upon in advance)
    Ramon> - X.509 certs from a Certificate Authority

    Ramon> But how about:

    Ramon> - Manual distribution of public keys (Cisco's IKE implementation)

  If you already have the public key in your trusted certificate cache,
(i.e. via manual distribution of public keys), then you don't care if the
keys are signed by a CA or not. All that matters is that you have the
key in the right format so that it has a DN/altName that corresponds to
the value in ID payload.

    Ramon> - Unverified public key exchange (like ssh)

  I don't think this is quite a fair comparison. SSH does verify the 
public key --- provided you already have it. It simply provides a non-manual
way to get an unverified public key into its trusted store. 
  I don't see a problem with implementing this policy with IKE: the initiator
simply always provides their certificate (asked for or not), and the
responder uses its "anonymous" policy. I.e. this is in the realm of
implementations to deal with opportunistic encryption.

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.
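The responder policy sketched above (a trusted key cache that is either filled by hand or, under an ssh-style "anonymous" policy, pinned on first contact, with the key accepted only when it carries a DN/altName matching the ID payload) as an added example; this is not code from the original post or from any IKE implementation, and the PeerIdentity fields, the SHA-256 fingerprint and the sample peer values are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class PeerIdentity:
    """Constructed stand-in for what the responder sees: the ID payload value,
    the peer's public key bytes, and the DN/altNames bound to that key."""
    id_value: str
    public_key: bytes
    bound_names: set


def fingerprint(public_key: bytes) -> str:
    # Assumed pinning scheme: SHA-256 over the raw key bytes, like ssh's host-key fingerprints.
    return hashlib.sha256(public_key).hexdigest()


class TrustedKeyCache:
    """Per-peer key pinning. anonymous_policy=True admits unknown peers once
    and pins their key; False requires the key to have been added manually."""

    def __init__(self, anonymous_policy: bool):
        self.anonymous_policy = anonymous_policy
        self.pinned = {}  # ID payload value -> fingerprint of the accepted key

    def manually_add(self, id_value: str, public_key: bytes) -> None:
        # Manual distribution of public keys: no CA signature is consulted at all.
        self.pinned[id_value] = fingerprint(public_key)

    def authenticate(self, peer: PeerIdentity):
        # The key is only usable if a DN/altName on it matches the claimed ID payload.
        if peer.id_value not in peer.bound_names:
            return (False, "ID payload does not match any DN/altName on the key")
        fp = fingerprint(peer.public_key)
        known = self.pinned.get(peer.id_value)
        if known is None:
            if not self.anonymous_policy:
                return (False, "unknown peer and anonymous policy disabled")
            self.pinned[peer.id_value] = fp  # opportunistic: trust and pin on first use
            return (True, "first contact, key pinned")
        if known != fp:
            return (False, "key changed since first contact")
        return (True, "key matches pinned key")
```

A key that changes after the first contact is refused exactly as ssh refuses a changed host key, which is the verification step the post says a trusted store provides.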