
RE: RFC2409




On Fri, 11 Jun 1999, Valery Smyslov wrote:

> On 11 Jun 99 at 9:57, Ivars Suba wrote:
> 
> > The essence of the attack is the following:
> >  Initiator (chess Grandmaster#1) and Responder (chess Grandmaster#2) trust
> > Cheater (chess novice) and vice versa, however they don't trust each other.
> > Grandmaster#1 and Grandmaster#2 are convinced that they play chess with
> > the novice and are surprised by the novice's phenomenal chess proficiency, but have
> > not understood that they actually play each other. In this type of attack
> > the novice plays a pipe role with some cryptographic transformations such as decryption
> > of IDi (IDr) and Ni (Nr), encryption of IDc and Ni (Nr) with the other Grandmaster's
> > public key and forwarding with KEi (KEr).
> 
> What benefits will Cheater gain from such behaviour?
> 
> Does this situation differ from the one where we have 2 "legitimate" 
> ISAKMP SAs (one from Grandmaster#1 to Cheater and the other from 
> Cheater to Grandmaster#2) and Cheater just plays the same pipe role? 
> 
> Valery Smyslov.

I think we all agree that there is no real attack here.
On the other hand, the situation is NOT equivalent to 
what you describe above. If C were only relaying messages
between I and R, then I would end up thinking he exchanged the key 
with R, and R would think she exchanged a key with I.
In the scenario described by Ivars they both think they exchanged a key 
with C, which is the correct belief. The fact that C does not
know the key is C's problem (a cheater can always exchange a DH key
using an exponent g^x for which C does not know x; it's his problem).

Hugo


