
Re: New XAUTH draft



Stephane Beaulieu wrote:

<trimmed...>

> > A seemingly "natural" alternative to XAUTH is to first do
> > IKE, and then
> > complete the user authentication via the IPSEC-protected connection
> > (using either AH or ESP). Are there overwhelming arguments to
> > not do it
> > this way, and break the modularity of IPSEC?
> >
> 
> I have heard many say that this is a bad alternative for several reasons.
> One of those reasons is that you end up setting up multiple IPSec SAs which
> should only live for a few minutes.  Let's suppose that you need to talk to
> 3 different devices in order to authenticate / manage a remote user.  For
> example, a user might need to talk to a DHCP server, a RADIUS accounting
> server, and an SDI server.  Then, the SG might need to set up 3 IPSec SAs
> before he's given full access to the network.  This not only takes away from
> the entropy of the phase 1, but creates SA management nightmares as well as
> slowing down an edge device.  If your device is supporting ten thousand remote
> users, setting up all these SAs is very expensive.

Since I just suggested something similar in a related post, I'll try to
address a few of these points. I agree that there is added overhead to
this approach, along with added security. However, I'm not sure that any
argument is strong enough to compel us to standardize "budget" security.
I would also add that the alternative is to implement proxies for these
servers within IKE, which with high probability reduces the security of
the IKE implementation.

Regarding the comment regarding the phase 1 entropy, I'm missing the
point, I guess. If you re-use the same key material for more than one SA
under *any* circumstances, you are using up some of the entropy, and I
guess all I'm really hearing is the same overhead argument again. Am I
missing something?

Regarding the cost of setting up the SAs, I agree that it's expensive,
but would present the "budget" security point again, and add that
if this is the cost of doing business, then it simply means we have to
design our products to deliver.

> 
> Also, many people are adverse to letting anyone onto their network at all
> until they are fully authenticated.  Setting up special conditions for
> management / authentication servers would require special care, and would
> require that all of these servers are invulnerable to attacks.
> 

I think this is a good point, and this is the problem to solve with
respect to my (and Ran Canetti's) previous suggestion.

Scott
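The "phase 1 entropy" point argued above can be made concrete. The following is an added example, not code from the thread or from any IKE implementation: it models the RFC 2409 section 5.5 quick-mode key expansion (KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b), iterated when more key material is needed) with HMAC-SHA1 as the prf, derives keys for the three per-user SAs the quoted message lists (DHCP, RADIUS, SDI), and then checks how many of those SA keys can be recomputed from SKEYID_d alone plus the on-wire SPIs and nonces, with and without PFS. All SKEYID_d, SPI and nonce values are constructed for the example.

```python
import hmac
import hashlib
import os
from typing import Dict, Optional

# IKEv1 prf when SHA-1 is negotiated is HMAC-SHA1 (RFC 2409 section 4).
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

ESP = 3  # PROTO_IPSEC_ESP, IPsec DOI protocol id (RFC 2407)

def keymat(skeyid_d: bytes, protocol: int, spi: bytes, ni_b: bytes, nr_b: bytes,
           length: int, g_qm_xy: Optional[bytes] = None) -> bytes:
    """RFC 2409 section 5.5 expansion:
       K1 = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
       Kn = prf(SKEYID_d, K(n-1) | [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    g_qm_xy is the fresh quick-mode DH secret; None means no PFS."""
    seed = (g_qm_xy or b"") + bytes([protocol]) + spi + ni_b + nr_b
    out = b""
    prev = b""
    while len(out) < length:
        prev = prf(skeyid_d, prev + seed)
        out += prev
    return out[:length]

# Constructed sample values (not from the thread): one phase 1 SKEYID_d that
# every phase 2 SA of this remote user is derived from.
SKEYID_D = bytes.fromhex("00112233445566778899aabbccddeeff01234567")

# Three quick-mode SAs, one per server the quoted message mentions. SPIs and
# nonces travel in the clear in quick mode; these are constructed, not captured.
SAS: Dict[str, Dict[str, bytes]] = {
    "dhcp":   dict(spi=bytes.fromhex("0a000001"), ni=b"nonce-i-1", nr=b"nonce-r-1"),
    "radius": dict(spi=bytes.fromhex("0a000002"), ni=b"nonce-i-2", nr=b"nonce-r-2"),
    "sdi":    dict(spi=bytes.fromhex("0a000003"), ni=b"nonce-i-3", nr=b"nonce-r-3"),
}

def derive_all(skeyid_d: bytes, sas: Dict[str, Dict[str, bytes]], key_len: int = 20,
               pfs: Optional[Dict[str, bytes]] = None) -> Dict[str, bytes]:
    """Derive one ESP key per SA. pfs maps SA name -> g(qm)^xy; None = no PFS."""
    return {name: keymat(skeyid_d, ESP, p["spi"], p["ni"], p["nr"], key_len,
                         (pfs or {}).get(name))
            for name, p in sas.items()}

def recoverable_from_skeyid_d(skeyid_d: bytes, sas: Dict[str, Dict[str, bytes]],
                              real_keys: Dict[str, bytes], key_len: int = 20) -> int:
    """Exposure model: recompute KEYMAT from SKEYID_d and the on-wire SPIs and
    nonces only (no quick-mode DH secret) and count how many SA keys match.
    Without PFS every SA of the user is reproduced; with PFS none are, because
    each SA mixed in fresh DH entropy that SKEYID_d does not cover."""
    guessed = derive_all(skeyid_d, sas, key_len, pfs=None)
    return sum(1 for n in sas if hmac.compare_digest(guessed[n], real_keys[n]))

if __name__ == "__main__":
    no_pfs = derive_all(SKEYID_D, SAS)
    print("no PFS, SA keys reproducible from SKEYID_d:",
          recoverable_from_skeyid_d(SKEYID_D, SAS, no_pfs), "of", len(SAS))
    fresh = {n: os.urandom(128) for n in SAS}   # stand-in for per-SA g(qm)^xy
    with_pfs = derive_all(SKEYID_D, SAS, pfs=fresh)
    print("PFS,    SA keys reproducible from SKEYID_d:",
          recoverable_from_skeyid_d(SKEYID_D, SAS, with_pfs), "of", len(SAS))
```

The three keys are distinct either way, since each derivation mixes in a different SPI and nonce pair; the difference is what bounds them. Without PFS, the security of every SA the user brings up (however many servers have to be consulted) is capped by the single SKEYID_d, which is the overhead-versus-entropy trade-off the thread is weighing. With a quick-mode DH exchange per SA, the extra SAs cost real CPU on the edge device but stop sharing that one secret.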

