
Re: KISS for PKIX. (Was: RE:Asymmetric authentication (was ASN.1 vs XML which in turn was something else)



On Tue, 20 Jul 1999 10:48:48 PDT Vipul Gupta wrote:
> 
>   I don't quite see the motivation behind XAUTH if it is used in
>   conjunction with regular Main/Aggressive mode since each of those
>   modes provides mutual authentication. If the client has already
>   been authenticated in Main/Aggressive mode, what is the additional
>   functionality provided by XAUTH? Or is it that the pre-shared key
>   used in Main/Aggressive mode common to *all* clients (e.g. all 
>   corporate employees) and XAUTH is used to identify a particular
>   client?

  Exactly! I brought this point up back in May. If the IKE SA has been
authenticated properly then XAUTH doesn't buy you anything. You have
the double burden of supporting a PKI and some legacy database and
the user gets yet another dialog box asking for yet another passphrase.
I find it very hard to believe that this is what people are doing when
I hear that "customers want XAUTH".

  For XAUTH to provide anything the IKE SA is authenticated with some
shared key and then the "client" authenticates himself to the "server"
with the legacy method. The problem with this is that the IKE SA and
all the SKEYID state are not authenticated. Therefore all the keys in
the IPSec SAs are not authenticated. Depending on the legacy method
this can be open to a man-in-the-middle attack too.

  draft-ietf-ipsec-internet-key-00.txt is an April Fool's draft but
the security considerations are right on in this respect.

  Dan.
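The man-in-the-middle that Dan describes, worked through as an added example (this is not code from the thread, from any IKE implementation, or from the draft he cites). It simulates a group pre-shared key that every employee knows, a toy main-mode exchange whose key derivation is loosely modeled on RFC 2409 section 5.4 (SKEYID from the PSK and the nonces, SKEYID_d and SKEYID_e from SKEYID and g^xy; cookies and SKEYID_a are left out), and an XAUTH step that sends a username and password encrypted under SKEYID_e. The Diffie-Hellman group, the XOR "encryption", the participants Alice, Mallory and the gateway, the LEGACY_DB password store and every function name are assumptions made for the illustration. Mallory, an insider who knows the group PSK, completes phase 1 with both Alice and the gateway, relays Alice's XAUTH credentials, and ends up holding the keys the gateway will use for "Alice's" IPsec SAs. The second function shows the contrast Vipul and Dan point at: with a secret only Alice holds in phase 1, Mallory cannot get that far, and XAUTH adds nothing.

```python
import hashlib
import hmac
import os
import secrets

# Toy Diffie-Hellman group (a Mersenne prime, NOT an Oakley group): it makes the
# key-derivation chain visible and fast, and is in no way secure.
P = (1 << 127) - 1
G = 3

# Constructed sample legacy credential store (the "legacy database" XAUTH consults).
LEGACY_DB = {b"alice": b"correct horse"}


def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def xor_encrypt(key: bytes, data: bytes) -> bytes:
    # Toy "encryption" under SKEYID_e (keystream = prf(key, counter)); it exists only
    # to show that whoever holds SKEYID_e can read and re-wrap the XAUTH payload.
    stream = b"".join(prf(key, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


class Phase1Peer:
    """One IKE phase-1 participant: DH value, nonce and the phase-1 secret it will use."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret
        self.x = secrets.randbelow(P - 2) + 1
        self.gx = pow(G, self.x, P)
        self.nonce = os.urandom(16)

    def derive(self, gxi: int, gxr: int, ni: bytes, nr: bytes, peer_gx: int) -> None:
        g_xy = pow(peer_gx, self.x, P).to_bytes(16, "big")
        # Pre-shared-key authentication: SKEYID = prf(psk, Ni_b | Nr_b)
        self.skeyid = prf(self.secret, ni, nr)
        self.skeyid_d = prf(self.skeyid, g_xy, b"\x00")                 # seeds the IPsec SA keys
        self.skeyid_e = prf(self.skeyid, self.skeyid_d, g_xy, b"\x02")  # protects later payloads
        self.gxi, self.gxr = gxi.to_bytes(16, "big"), gxr.to_bytes(16, "big")

    def authenticator(self, role: bytes) -> bytes:
        # Stand-in for HASH_I / HASH_R: proves knowledge of SKEYID, hence of the phase-1 secret.
        return prf(self.skeyid, self.gxi, self.gxr, role)


def phase1(init: Phase1Peer, resp: Phase1Peer) -> bool:
    """Main mode collapsed into one call: exchange g^x and nonces, derive keys,
    and have each side check the other's authenticator."""
    init.derive(init.gx, resp.gx, init.nonce, resp.nonce, resp.gx)
    resp.derive(init.gx, resp.gx, init.nonce, resp.nonce, init.gx)
    return (init.authenticator(b"I") == resp.authenticator(b"I")
            and init.authenticator(b"R") == resp.authenticator(b"R"))


def xauth_request(client: Phase1Peer, user: bytes, password: bytes) -> bytes:
    """XAUTH after phase 1: the client sends user:password under its SKEYID_e."""
    return xor_encrypt(client.skeyid_e, user + b":" + password)


def xauth_check(server: Phase1Peer, wire: bytes) -> bool:
    """The gateway decrypts with its own SKEYID_e and consults the legacy database."""
    user, _, password = xor_encrypt(server.skeyid_e, wire).partition(b":")
    return LEGACY_DB.get(user) == password


def group_psk_mitm() -> dict:
    """Dan's scenario: the phase-1 PSK is shared by all clients, so insider Mallory
    completes phase 1 with both Alice and the gateway, then relays Alice's XAUTH login."""
    group_psk = b"corp-wide-psk"
    alice = Phase1Peer("alice", group_psk)
    gateway = Phase1Peer("gateway", group_psk)
    mallory_as_gw = Phase1Peer("mallory->alice", group_psk)    # faces Alice, poses as the gateway
    mallory_as_client = Phase1Peer("mallory->gw", group_psk)   # faces the gateway, poses as Alice
    leg1 = phase1(alice, mallory_as_gw)         # Alice "authenticates" the gateway: passes
    leg2 = phase1(mallory_as_client, gateway)   # gateway "authenticates" the client: passes
    wire = xauth_request(alice, b"alice", b"correct horse")
    # Mallory unwraps with the Alice-facing SKEYID_e and re-wraps with the gateway-facing one.
    relayed = xor_encrypt(mallory_as_client.skeyid_e, xor_encrypt(mallory_as_gw.skeyid_e, wire))
    return {
        "phase1_with_alice": leg1,
        "phase1_with_gateway": leg2,
        "xauth_accepted": xauth_check(gateway, relayed),
        # The SKEYID_d the gateway binds to "alice" is actually shared with Mallory ...
        "gateway_keys_shared_with_mallory": gateway.skeyid_d == mallory_as_client.skeyid_d,
        # ... and Alice never shares any key with the real gateway.
        "alice_shares_keys_with_gateway": alice.skeyid_d == gateway.skeyid_d,
    }


def per_client_secret() -> bool:
    """With a phase-1 secret only Alice holds (per-client PSK or a certificate), Mallory
    cannot complete phase 1 as Alice; the gateway rejects her authenticator."""
    gateway = Phase1Peer("gateway", b"alice-only-secret")             # what the gateway expects from Alice
    mallory_as_client = Phase1Peer("mallory->gw", b"corp-wide-psk")   # Mallory lacks Alice's secret
    return phase1(mallory_as_client, gateway)   # False


if __name__ == "__main__":
    print(group_psk_mitm())
    print("phase 1 as Alice without her secret:", per_client_secret())
```

The point of the first function is the last two dictionary entries: XAUTH has told the gateway who is at the far end of the legacy dialog, but the SKEYID state, and with it every IPsec key derived from it, was negotiated with whoever held the group PSK, which here is Mallory. Nothing in the password exchange is bound to the phase-1 keys, so a relayed password looks exactly like a genuine one.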



