
Re: New XAUTH draft



Paul Koning wrote:
> If so, then yes I would agree that this constitutes an attack on
> the system.  But I don't agree that it is a sufficiently serious
> threat to condemn the entire concept, as you have been doing.
>
> So perhaps the next question is: is there consensus that
> this threat is so serious that XAUTH has no meaningful
> applicability in the real world?  If so, then of course the
> draft can't proceed.

Ok, I'm a bit confused on the procedures, but hasn't this issue
already been settled by whatever consensus adopted RFC 2408 (aka
ISAKMP -- the master IPSec document)?  Let me quote again:

> 1.5.3 ISAKMP Requirements
>
> Strong authentication MUST be provided on ISAKMP exchanges.  Without
> being able to authenticate the entity at the other end, the Security
> Association (SA) and session key established are suspect.  Without
> authentication you are unable to trust an entity's identification,
> which makes access control questionable.  While encryption (e.g.
> ESP) and integrity (e.g.  AH) will protect subsequent communications
> from passive eavesdroppers, without authentication it is possible
> that the SA and key may have been established with an adversary who
> performed an active man-in-the-middle attack and is now stealing all
> your personal data.

The expression "strong authentication" has a very precise meaning.
But, if there is any doubt about it, the RFC directly forbids
authentication which is vulnerable to MITM attacks.  I believe
that any reasonable interpretation of this forbids group-shared
secret authentication, for n > 2.  For n = 2, it also forbids
cases where the "secret" is really a passphrase.

Real-world applications can always use IETF standards-track
technologies, but that should in no way compel the WG to quickly
adopt ways to standardize such applications.  Furthermore, *this*
working group is one which really must resist active attacks.  That
is not the case, e.g., with S/KEY, and its RFC is quite frank about it.


John Pliam
pliam@ima.umn.edu
http://www.ima.umn.edu/~pliam
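The argument above, that a group-shared secret gives no entity authentication once n > 2 parties hold it, can be checked in a toy model. The following is an added example, not code from this thread, from RFC 2408 or from any IPsec implementation: authentication is modelled as a keyed MAC over the exchange transcript bound to the claimed identity, the way a pre-shared-key mode ties the key exchange to a secret. Party names, the group and pair secrets, and the transcript bytes are all constructed for the illustration.

```python
"""Toy model: who can authenticate as the gateway under a group-shared
secret versus distinct per-pair secrets.  Added illustration, not code
from the thread or any IPsec implementation; all names, secrets and the
transcript are constructed."""
import hashlib
import hmac
from typing import Dict, Set

# Constructed stand-in for the key-exchange transcript (SA proposal,
# nonces, DH public values) that both endpoints observe.
TRANSCRIPT = b"SAi|Ni|Nr|g^xi|g^xr"


def authenticator(key: bytes, claimed_id: str, transcript: bytes) -> bytes:
    """Tag a party holding `key` sends to prove it is `claimed_id`."""
    msg = claimed_id.encode() + b"|" + transcript
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, claimed_id: str, transcript: bytes, tag: bytes) -> bool:
    """Verifier's check: it knows only the key it expects for `claimed_id`."""
    expected = authenticator(key, claimed_id, transcript)
    return hmac.compare_digest(expected, tag)


def who_can_claim(holdings: Dict[str, Set[bytes]], verifier_key: bytes,
                  claimed_id: str, transcript: bytes = TRANSCRIPT) -> Set[str]:
    """Parties whose own key material yields a tag the verifier accepts
    for `claimed_id`.  Ideally only `claimed_id` itself appears here."""
    return {
        party for party, keys in holdings.items()
        if any(verify(verifier_key, claimed_id, transcript,
                      authenticator(k, claimed_id, transcript)) for k in keys)
    }


def group_shared_holdings(n: int) -> Dict[str, Set[bytes]]:
    """n clients and the gateway all hold one group secret (n + 1 holders)."""
    group_secret = hashlib.sha256(b"constructed group secret").digest()
    holdings = {f"client{i}": {group_secret} for i in range(n)}
    holdings["gateway"] = {group_secret}
    return holdings


def pairwise_holdings(n: int) -> Dict[str, Set[bytes]]:
    """Each client shares a distinct secret with the gateway only, so every
    secret has exactly two holders (n = 2)."""
    pair = {i: hashlib.sha256(f"constructed pair secret {i}".encode()).digest()
            for i in range(n)}
    holdings = {f"client{i}": {pair[i]} for i in range(n)}
    holdings["gateway"] = set(pair.values())
    return holdings


def impersonators_of_gateway(holdings: Dict[str, Set[bytes]],
                             client: str = "client0") -> Set[str]:
    """Parties other than the real gateway that `client` would accept as
    'gateway'.  `client` verifies with the single key it holds."""
    (verifier_key,) = holdings[client]
    others = {p: k for p, k in holdings.items() if p not in (client, "gateway")}
    return who_can_claim(others, verifier_key, "gateway")


def honest_gateway_accepted(holdings: Dict[str, Set[bytes]],
                            client: str = "client0") -> bool:
    """Sanity check: the legitimate gateway still authenticates to `client`."""
    (verifier_key,) = holdings[client]
    return who_can_claim({"gateway": holdings["gateway"]},
                         verifier_key, "gateway") == {"gateway"}


if __name__ == "__main__":
    print("group secret, 4 clients:", sorted(impersonators_of_gateway(group_shared_holdings(4))))
    print("pairwise secrets, 4 clients:", sorted(impersonators_of_gateway(pairwise_holdings(4))))
```

With the group secret every other client produces a tag client0 accepts as coming from the gateway, which is exactly the position from which an active man-in-the-middle can be mounted by any group member; with per-pair secrets nobody but the gateway can. The model also makes the n = 2 passphrase point visible: the MAC key is the only thing separating the two cases, so if that key is a low-entropy passphrase rather than a random secret, a captured transcript and tag let a third party test candidate passphrases offline, and the "two-party" secret is no longer one.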