[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The world according to MCR

Michael Richardson writes:
> 5. IKE SA's w/non-fixed IP address
> 	Yael Dayan
> 	Aggressive mode with preshared key.

I don't think this should be limited to pre shared keys. The RSA/DSA
signature modes are also vulnerable to the doing KE payload generation
and even signature calculation based on the first aggressive mode
packets without any kind proof that there is somebody in the other

So if we really are concerned about the spoofed IP source address and
doing heavy calculation based on that we should not allow using
aggressive mode. 

> 	A user with a non-constant IP address, then we must use
> 	Aggressive mode. 
> 	The problem is that the responding (the gateway) must do DH operations
> 	before it really knows if the user is legit.
> 	Proposal for a New Phase I Exchange.
> 	[MCR's comment: Vendor ID payloads can be used in Aggressive
> 	mode to enable a new feature]a

No, you really cannot. This is clearly new exchange type, and needs to
get new exchange type number. There is no need to add vendor id in the
new exchange type. I think we need some kind of document telling how
to use vendor-id, private address spaces (in different places) etc. 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

Follow-Ups: References: