
RE: KISS for PKIX. (Was: RE:Asymmetric authentication (was ASN.1 vs XML which in turn was something else)




> >>On a related point, since IKE XAUTH is typically one-way (server
> >>authenticating client), secondary authentication does leave the problem of
> >>the server being spoofed with a compromised key!
> 
> >I thought it was one way the other way, i.e., server is authenticated to
> >client via a cert, but client uses only "legacy" auth to server.  If it
> >were the other way around it would be awful, as it would open a variety of
> >attacks against the legacy systems which could diminish their
> >effectiveness.  For example, S/Key is very vulnerable to active server
> >spoofing attacks.
> 
> I think there has been a proposal along those lines (asymmetric
> authentication), but the XAUTH draft does not cover that (I don't think). A
> normal symmetric Phase-1 authentication
> (pre-shared, signature, encrypted-nonce) is followed by a one-way secondary
> authentication via XAUTH.
> 
> Cheers, Steve.

  The "Hybrid Authentication" draft:
  
      draft-ietf-ipsec-isakmp-hybrid-auth-02.txt
      
  discusses asymmetric authentication (server is authenticated via
  a digital signature and the client uses OTP/token card etc). The
  hybrid authentication draft uses a slight modification of Main/Aggressive
  mode in which only the responder (server) is authenticated --
  the initiator sends only a hash rather than a signature. This is 
  immediately followed by an XAUTH exchange in which the client
  authenticates to the server using a "legacy" mechanism. This 
  approach is very similar to how web-based banking works -- the
  bank's server is authenticated via a signature during SSL negotiation
  and the user is authenticated via a password sent over HTTPS.
  
  I don't quite see the motivation behind XAUTH if it is used in
  conjunction with regular Main/Aggressive mode since each of those
  modes provides mutual authentication. If the client has already
  been authenticated in Main/Aggressive mode, what is the additional
  functionality provided by XAUTH? Or is it that the pre-shared key
  used in Main/Aggressive mode is common to *all* clients (e.g. all
  corporate employees) and XAUTH is used to identify a particular
  client?
  
  thanks,
  
  vipul
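As an added illustration of the hybrid-authentication pattern described in the message above (example code written for this page, not code from the hybrid-auth draft or from the poster), the following Python model walks through the exchange end to end: the responder proves its identity with a signature over HASH_R, the initiator answers with only a keyed HASH_I, and the XAUTH step then identifies the user with a one-time code. The DH modulus, the RSA primes, the identities and the one-time-code store are all constructed toy values, the function and variable names are assumptions, and the payload layout is a simplification rather than the draft's actual format.

```python
import hashlib
import hmac
import secrets

# --- Toy primitives (constructed for illustration only; not secure parameters) ---
P = (1 << 127) - 1   # toy DH modulus (a Mersenne prime); real IKE groups are far larger
G = 2

def prf(key: bytes, data: bytes) -> bytes:
    """Keyed hash used for SKEYID and for HASH_I / HASH_R (HMAC-SHA256 here)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def toy_rsa_keypair(p: int = 1000000007, q: int = 998244353, e: int = 65537):
    """Tiny RSA key from two fixed small primes, standing in for the server's cert key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa_sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)

def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

# --- Hybrid Phase-1 followed by XAUTH (simplified message flow) ---
def run_hybrid_exchange(server_pub, server_priv, otp_store, username, otp_code):
    """Run the exchange and report how far it got and why it stopped.

    Messages modelled (not the draft's exact payload layout):
      1. I->R: g^xi, Ni            2. R->I: g^xr, Nr
      3. R->I: IDr, SIG_R(HASH_R)  -- responder proves identity with a signature
      4. I->R: IDi, HASH_I         -- initiator sends only a keyed hash
      5. R<->I: XAUTH request / reply carrying username + one-time code
    """
    xi, xr = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gxi, gxr = pow(G, xi, P), pow(G, xr, P)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)

    # Both sides derive SKEYID from the nonces and the DH result.
    skeyid_i = prf(ni + nr, i2b(pow(gxr, xi, P)))
    skeyid_r = prf(ni + nr, i2b(pow(gxi, xr, P)))
    idr, idi = b"vpn-gateway.example", b"client-device"   # constructed identities

    # Message 3: responder signs HASH_R; initiator verifies with the server's public key.
    hash_r = prf(skeyid_r, i2b(gxr) + i2b(gxi) + ni + nr + idr)
    sig_r = rsa_sign(server_priv, hash_r)
    expected_hash_r = prf(skeyid_i, i2b(gxr) + i2b(gxi) + ni + nr + idr)
    if not rsa_verify(server_pub, expected_hash_r, sig_r):
        # Client stops here: no legacy credential is sent to an unauthenticated server.
        return {"stage": "phase1", "ok": False, "reason": "server signature invalid"}

    # Message 4: initiator sends HASH_I only. This proves it holds the DH secret,
    # not which user it is, so the responder still has to run XAUTH.
    hash_i = prf(skeyid_i, i2b(gxi) + i2b(gxr) + ni + nr + idi)
    if not hmac.compare_digest(hash_i, prf(skeyid_r, i2b(gxi) + i2b(gxr) + ni + nr + idi)):
        return {"stage": "phase1", "ok": False, "reason": "HASH_I mismatch"}

    # XAUTH: server asks for legacy credentials; client answers with a one-time code.
    if otp_store.get(username) is None or otp_code not in otp_store[username]:
        return {"stage": "xauth", "ok": False, "reason": "bad or reused one-time code"}
    otp_store[username].remove(otp_code)   # consume the code so a replay is rejected
    return {"stage": "xauth", "ok": True, "user": username}

# Constructed sample data: one user holding two unused one-time codes.
OTP_STORE = {"alice": {"code-0001", "code-0002"}}
SERVER_PUB, SERVER_PRIV = toy_rsa_keypair()

if __name__ == "__main__":
    print(run_hybrid_exchange(SERVER_PUB, SERVER_PRIV, OTP_STORE, "alice", "code-0001"))
    print(run_hybrid_exchange(SERVER_PUB, SERVER_PRIV, OTP_STORE, "alice", "code-0001"))  # replay
```

Two behaviours are worth noting. First, the initiator refuses to continue into XAUTH unless the responder's signature verifies, so a server presenting the wrong key never sees the one-time code; this is the property that addresses the active-server-spoofing concern raised against legacy schemes such as S/Key in the quoted text. Second, HASH_I on its own only ties the initiator to the Diffie-Hellman result, which is why the XAUTH step is still needed to name a particular user.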
  



