
Re: New XAUTH draft



Hi Tim,

Tim Jenkins wrote:

<trimmed...>

> Are you perhaps mixing up XAUTH with the hybrid draft?
> 
> The only way XAUTH reduces the existing authentication of IKE is if
> the sysadmin uses pre-shared key authentication and shares it everywhere
> or sets it to null (if that's even possible).
> 
> Hybrid, on the other hand, does allow one end to drop the existing forms
> of authentication. But even then, the problem it's trying to solve does
> have a place with customers.

Actually, I wasn't referring only to the strength of the authentication,
although I think it's a valid thing to discuss. Presumably, secondary
authentication is considered valuable because the primary mechanism is
somehow at risk, e.g. the client's cert is in software, someone might
walk off with the smart card, etc. In these cases, assume the worst has
happened, and now I'm trying to access your network. If all I have to do
is guess a passphrase, attacking your network seems somewhat more
doable, when compared to, say, breaking a private/public keypair. On the
other hand, I know there are bolstering mechanisms (e.g. repeated
challenge/response, SecurID-type token generators, etc.) which may mitigate
this risk.

Perhaps more importantly, I was also referring to the stability,
analyzability, and other security-related properties of IKE. I think
adding proxy servers for even 1 (let alone 16) secondary authentication
protocols substantially impacts upon the security characteristics of the
implementation.

Scott
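The bolstering mechanisms mentioned above (repeated challenge/response, SecurID-type token generators) can be made concrete. The following is an added example, not code from the original message, from the XAUTH draft, or from any IKE implementation: it implements HOTP (RFC 4226, HMAC-SHA1 over a counter) as a stand-in for a token generator, beside a static passphrase check, and shows why a captured one-time value cannot be replayed while a captured passphrase can, and how a failure counter bounds online guessing. The seed is the RFC 4226 Appendix D test vector; the look-ahead window, lockout threshold, class names and the login scenario are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over an 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class StaticPassphraseVerifier:
    """The weak case from the discussion: one fixed secret, valid forever.
    Anyone who captures or guesses it can present it again."""

    def __init__(self, passphrase: bytes):
        self.digest = hashlib.sha256(passphrase).digest()

    def verify(self, attempt: bytes) -> bool:
        return hmac.compare_digest(hashlib.sha256(attempt).digest(), self.digest)


class TokenVerifier:
    """Server-side state for one user's token: shared seed, next expected
    counter, a look-ahead window to tolerate skipped codes, and a failure
    counter that locks the account. Window and threshold are assumed values."""

    def __init__(self, secret: bytes, window: int = 5, max_failures: int = 5):
        self.secret = secret
        self.counter = 0
        self.window = window
        self.failures = 0
        self.max_failures = max_failures

    def verify(self, code: str) -> bool:
        if self.failures >= self.max_failures:
            return False  # locked out: even a correct code is refused
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # consume this and earlier counters
                self.failures = 0
                return True
        self.failures += 1
        return False


def run_scenario() -> dict:
    """Constructed scenario: a legitimate login, then an attacker who has
    captured the credential (the 'worst has happened' case) tries to reuse it."""
    seed = b"12345678901234567890"  # RFC 4226 Appendix D test seed
    results = {}

    # Static passphrase: a captured value replays successfully.
    static = StaticPassphraseVerifier(b"correct horse")
    results["static_first_login"] = static.verify(b"correct horse")   # True
    results["static_replay"] = static.verify(b"correct horse")        # True

    # One-time token: the captured value is consumed on first use.
    server = TokenVerifier(seed)
    code0 = hotp(seed, 0)
    results["token_first_login"] = server.verify(code0)               # True
    results["token_replay"] = server.verify(code0)                    # False

    # Online guessing is bounded: after max_failures wrong codes the
    # account locks, and even the genuinely next code is refused.
    for guess in ("000000", "111111", "222222", "333333"):
        server.verify(guess)
    results["locked_out"] = server.failures >= server.max_failures    # True
    results["valid_code_while_locked"] = server.verify(hotp(seed, 1))  # False

    # After an administrative unlock, the window absorbs skipped counters.
    server.failures = 0
    results["resync_after_skip"] = server.verify(hotp(seed, 3))       # True
    results["next_counter"] = server.counter                          # 4
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The replay check is the whole point: with a static passphrase the server cannot distinguish the legitimate user from someone who captured or guessed the value, whereas the token verifier advances its counter and rejects the same code a second time, and the lockout counter turns an unbounded guessing game into a handful of attempts before an operator has to intervene.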

