
RE: New XAUTH draft



I'm not suggesting that anyone should be happy with insecurity. My point was
that there are ways to make the distribution of group pre-shared secrets
secure, and if that is the policy adopted by a customer, the protocol should
not prevent that.

I am not saying pre-shared is 'great', and group-pre-shared is obviously n
times more risky, but if the customer manages these risks effectively, the
choice is his.
There is no difference to the IKE protocol which is used, so it has no
business (IMHO) mandating one over the other, and has no way of restricting
it anyway.

I think this is a small issue of wording. I'm agreeing that recommendations
could be made and discussed in the draft.

Cheers, Steve.

-----Original Message-----
From: Dan Harkins [mailto:dharkins@Network-Alchemy.COM]
Sent: Wednesday, September 29, 1999 9:55 PM
To: Waters, Stephen
Cc: ipsec@lists.tislabs.com
Subject: Re: New XAUTH draft 


  A policy decision? I guess everything could be called a policy decision
but we're trying to build _secure_ protocols here. No one is being stopped
from doing something insecure. If they're happy with insecurity (e.g. if
they have a stated policy that an unauthenticated Diffie-Hellman is fine) 
they can do it without IKE. And there are other examples of mandating secure
behavior (which could easily be called "a policy decision") in our various 
documents so I don't see this as restrictive.

  What do you gain by allowing patently insecure use of a security protocol?

  Dan.

On Wed, 29 Sep 1999 13:36:53 BST you wrote
> 
>     "Due to restrictions in [IKE] regarding the use of Main Mode and 
>     pre-shared keys this protocol MUST NOT be used with [IKE] when
>     doing Main Mode and pre-shared key authentication. Further, it MUST
>     NOT be used with any key exchange protocol in which the parties
>     to the exchange authenticate each other using a "group" pre-shared key
>     (i.e. one that is shared by more than the two parties to the
>     exchange)."
> 
>   
> Dan,  I think this is too restrictive.  What if I decide to use
> main-mode/pre-shared for device level authentication, and XAUTH for
> user-level authentication?
> 
> Also, the part about using a "group" pre-shared key is a policy decision, in
> my view.  If the user/manager is happy with the security policy protecting a
> "group" pre-shared key, that should be his policy decision, not ours.  It
> may be worth some text in the 'Security Considerations', but I don't think
> this should even be a "SHOULD" in the protocol itself. 
> 
> Cheers, Steve.

