RE: KISS for PKIX. (Was: RE: Asymmetric authentication (was ASN.1 vs XML which in turn was something else))
> >>On a related point, since IKE XAUTH is typically one-way (server
> >>authenticating client), secondary authentication does leave the problem of
> >>the server being spoofed with a compromised key!
>
> >I thought it was one way the other way, i.e., server is authenticated to
> >client via a cert, but client uses only "legacy" auth to server. If it
> >were the other way around it would be awful, as it would open a variety of
> >attacks against the legacy systems which could diminish their
> >effectiveness. For example, S/Key is very vulnerable to active server
> >spoofing attacks.
>
> I think there has been a proposal along those lines (asymmetric
> authentication), but the XAUTH draft does not cover that (I don't think). A
> normal symmetric Phase-1 authentication
> (pre-shared, signature, encrypted-nonce) is followed by a one-way secondary
> authentication via XAUTH.
>
> Cheers, Steve.
The "Hybrid Authentication" draft:
draft-ietf-ipsec-isakmp-hybrid-auth-02.txt
discusses asymmetric authentication (server is authenticated via
a digital signature and the client uses OTP/token card etc). The
hybrid authentication draft uses a slight modification of Main/Aggressive
mode in which only the responder (server) is authenticated --
the initiator sends only a hash rather than a signature. This is
immediately followed by an XAUTH exchange in which the client
authenticates to the server using a "legacy" mechanism. This
approach is very similar to how web-based banking works -- the
bank's server is authenticated via a signature during SSL negotiation
and the user is authenticated via a password sent over HTTPS.
I don't quite see the motivation behind XAUTH if it is used in
conjunction with regular Main/Aggressive mode since each of those
modes provides mutual authentication. If the client has already
been authenticated in Main/Aggressive mode, what is the additional
functionality provided by XAUTH? Or is it that the pre-shared key
used in Main/Aggressive mode is common to *all* clients (e.g. all
corporate employees) and XAUTH is used to identify a particular
client?
thanks,
vipul
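The asymmetric exchange described in the message above, modelled as an added example that is not part of the original post and not the draft's own wire format or code. It assumes HMAC-SHA256 as the negotiated prf, ECDH on P-256 in place of the MODP Diffie-Hellman group, ECDSA for the server's signature, and an in-memory salted-digest table standing in for the RADIUS/OTP/token backend; cookies and the SA payload are left out of HASH_I/HASH_R for brevity. The point it makes executable is the one the message makes in prose: SIG_R binds the responder to a trusted key, HASH_I only proves the initiator ran this DH exchange, so a rogue gateway is rejected by the client while the gateway cannot tell one initiator from another until XAUTH runs.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// peer is one side's ephemeral Phase 1 state: identity, DH private value, nonce.
type peer struct {
	id    string
	dh    *ecdh.PrivateKey
	nonce []byte
}

func newPeer(id string) (*peer, error) {
	k, err := ecdh.P256().GenerateKey(rand.Reader) // P-256 stands in for the MODP group (assumption)
	if err != nil {
		return nil, err
	}
	n := make([]byte, 16)
	_, err = rand.Read(n)
	return &peer{id: id, dh: k, nonce: n}, err
}

// newServerKey makes the gateway's long-term signing key (ECDSA P-256 is an assumption).
func newServerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// prf is HMAC-SHA256 over the concatenated inputs (assumption; the real prf is negotiated).
func prf(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

// hybridPhase1 runs the asymmetric exchange: the responder sends SIG_R over HASH_R, the
// initiator sends only HASH_I. serverKey is whatever key the responder actually holds;
// serverPub is the key the initiator trusts. Reports whether each side accepted the other.
func hybridPhase1(ini, rsp *peer, serverKey *ecdsa.PrivateKey, serverPub *ecdsa.PublicKey) (iniAccepts, rspAccepts bool, err error) {
	gxi, gxr := ini.dh.PublicKey().Bytes(), rsp.dh.PublicKey().Bytes()
	sI, err := ini.dh.ECDH(rsp.dh.PublicKey())
	if err != nil {
		return false, false, err
	}
	sR, err := rsp.dh.ECDH(ini.dh.PublicKey())
	if err != nil {
		return false, false, err
	}
	// SKEYID = prf(Ni | Nr, g^xy), computed independently by each side.
	keyI := prf(append(append([]byte{}, ini.nonce...), rsp.nonce...), sI)
	keyR := prf(append(append([]byte{}, ini.nonce...), rsp.nonce...), sR)

	// Responder -> Initiator: ID_R, SIG_R = sign(HASH_R). Only the server's private key can produce it.
	sigR, err := ecdsa.SignASN1(rand.Reader, serverKey, prf(keyR, gxr, gxi, []byte(rsp.id)))
	if err != nil {
		return false, false, err
	}
	iniAccepts = ecdsa.VerifyASN1(serverPub, prf(keyI, gxr, gxi, []byte(rsp.id)), sigR)

	// Initiator -> Responder: ID_I, HASH_I with no signature. It proves the sender completed
	// this DH exchange, not who the sender is: any party that ran the exchange can produce it.
	hashI := prf(keyI, gxi, gxr, []byte(ini.id))
	rspAccepts = hmac.Equal(hashI, prf(keyR, gxi, gxr, []byte(ini.id)))
	return iniAccepts, rspAccepts, nil
}

// xauthRecord is a salted digest of the user's legacy secret. The in-memory store is a
// constructed stand-in for the RADIUS/OTP/token backend a real gateway would query.
type xauthRecord struct{ salt, digest []byte }

func newXauthStore() map[string]xauthRecord {
	salt := []byte("constructed-salt")
	return map[string]xauthRecord{"alice": {salt, prf(salt, []byte("correct horse"))}}
}

// xauthVerify is the XAUTH step: it runs after Phase 1, inside the protected channel,
// and is what actually identifies the client.
func xauthVerify(store map[string]xauthRecord, user string, secret []byte) bool {
	rec, ok := store[user]
	return ok && hmac.Equal(prf(rec.salt, secret), rec.digest)
}

func main() {
	serverKey, _ := newServerKey()
	rogueKey, _ := newServerKey()
	client, _ := newPeer("alice@example.com")
	gw, _ := newPeer("vpn.example.com")
	a, b, _ := hybridPhase1(client, gw, serverKey, &serverKey.PublicKey)
	fmt.Println("genuine gateway: initiator accepts", a, "responder accepts", b)
	a, b, _ = hybridPhase1(client, gw, rogueKey, &serverKey.PublicKey)
	fmt.Println("rogue gateway:   initiator accepts", a, "responder accepts", b)
	fmt.Println("xauth alice:", xauthVerify(newXauthStore(), "alice", []byte("correct horse")))
}
```

In the rogue-gateway run the responder still reports that HASH_I verified, which is exactly why a second step is needed: Phase 1 in this mode leaves the gateway with an authenticated, keyed channel to an as yet anonymous client, and XAUTH supplies the identity over that channel (and only after the client has checked SIG_R, which is what keeps the legacy credential away from a spoofed server).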