Re: linux-ipsec: Decrypting ID payload in Main Mode w/shared secrets
| From: John Gilmore <gnu@toad.com>
| My suggestion is that the "pre-shared key" used to generate SKEYID for
| the third exchange in Main Mode (the ID payload and the hash) be set
| to some generic open secret, unless the parties know a secret specific
| to their IP addresses.
I think that this is a reasonable stab at trading a little to get
support for an unknown IP address.

This requires each party to know whether the other party knows its IP
address -- one piece of information beyond what is needed. Perhaps it
would be better to allow the sender to use either form of SKEYID and
require the receiver to try both if it can generate both. The sender
can use the universal shared secret if (a) it is not sure that the
receiver knows its identity from its IP address, and (b) it is willing
to give up one layer of man-in-the-middle protection.

This could be generalized to, say, a hierarchy of shared secrets, but
I think that way lies madness.

In a sense this is backward compatible. For the possibly-unknown
case, it doesn't work with old IKEs, but there was no other way that
would. For the known-to-be-known case, this is compatible.

Perhaps a more conservative approach would be to add either a header
flag or a new exchange type for this.

Implementors (and others):
- What have you implemented for this problem?
- Would you be willing to throw this proposal into your system?
  Sooner rather than later?
- Is there another approach that you find more appealing?

We want to solve this problem AND interoperate.

Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253
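
The receiver-side "try both forms of SKEYID" selection suggested in the message above, as an added example that is not part of the original post or of any IKE implementation. SKEYID and SKEYID_e follow the RFC 2409 pre-shared-key derivation; HMAC-SHA1 as the prf, the XOR keystream standing in for the negotiated cipher, the length-prefixed framing, and all names and sample values are assumptions made here.

```python
import hashlib, hmac

def prf(key, data):
    # Assumption: HMAC-SHA1 stands in for whatever prf the peers negotiated.
    return hmac.new(key, data, hashlib.sha1).digest()

def derive(psk, s):
    """Return (SKEYID, SKEYID_e) for one candidate pre-shared key."""
    skeyid = prf(psk, s["Ni"] + s["Nr"])
    tail = s["gxy"] + s["CKY_I"] + s["CKY_R"]
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return skeyid, prf(skeyid, a + tail + b"\x02")

def toy_cipher(key, data):
    # Assumption: prf-based XOR keystream replaces the real cipher; one call en/decrypts.
    stream = b"".join(prf(key, bytes([i])) for i in range(len(data) // 20 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def hash_i(skeyid, s, idii):
    return prf(skeyid, s["gxi"] + s["gxr"] + s["CKY_I"] + s["CKY_R"] + s["SAi"] + idii)

def send_id(psk, s, idii):
    """Initiator: protect ID and HASH_I under whichever secret it chose."""
    skeyid, skeyid_e = derive(psk, s)
    return toy_cipher(skeyid_e, bytes([len(idii)]) + idii + hash_i(skeyid, s, idii))

def receive_id(candidates, s, blob):
    """Responder: try each secret it can generate; accept the first whose HASH_I verifies."""
    if not blob:
        return None
    for label, psk in candidates:
        skeyid, skeyid_e = derive(psk, s)
        plain = toy_cipher(skeyid_e, blob)
        n = plain[0]  # simplified framing: 1-byte ID length, ID, HASH_I
        idii, mac = plain[1:1 + n], plain[1 + n:]
        if hmac.compare_digest(mac, hash_i(skeyid, s, idii)):
            return label, idii  # "generic" means the weaker, open-secret form was used
    return None

# Constructed sample exchange state and secrets (not from a real negotiation).
STATE = {"Ni": b"nonce-i", "Nr": b"nonce-r", "gxy": b"dh-shared", "gxi": b"dh-pub-i",
         "gxr": b"dh-pub-r", "CKY_I": b"cookie-i", "CKY_R": b"cookie-r", "SAi": b"sa-body"}
GENERIC = b"generic-open-secret"
PER_ADDRESS = b"secret-for-192.0.2.7"
CANDIDATES = [("address-specific", PER_ADDRESS), ("generic", GENERIC)]

if __name__ == "__main__":
    print(receive_id(CANDIDATES, STATE, send_id(GENERIC, STATE, b"roadwarrior@example.org")))
```

The returned label tells the responder which form the sender chose, so policy can treat an identity that arrived under the generic secret as having given up the layer of man-in-the-middle protection the message describes.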