[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A fix for main mode with preshared keys

To: francisco_corella@hp.com
Subject: Re: A fix for main mode with preshared keys
From: Dan Harkins <dharkins@network-alchemy.com>
Date: Sun, 12 Dec 1999 17:06:14 -0800
cc: hugo@ee.technion.ac.il, ipsec@lists.tislabs.com
In-reply-to: Your message of "Sun, 12 Dec 1999 16:17:01 PST." <H00013960da6cb41@MHS>
Sender: owner-ipsec@lists.tislabs.com

  ID_KEY_ID is just another way of identifying a pre-shared key. If you
choose to not authenticate the peer and want to have a group pre-shared
key there is nothing inheirent in ID_KEY_ID that would prevent you from
doing this. 

  There are no syncronization problems with using ID_KEY_ID anymore than
there are with plain identified-by-ip-address pre-shared keys. The
problem came when I described a technique to prevent traffic analysis
(although I think that's not really an issue but it has been raised in
the past as one so I felt I should address it) by hashing the key _after_
authentication. Now the problem Andrew described was something along the
lines of "what happens if my hard drive crashes and I want to restore
my drive without re-syncronizing". But a security protocol is not the
place to address these problems (after all what if you had a disk crash
and a fire in the closet where your tapes were stored! This line of
reasoning could go on forever and after all, backup tapes that contain
authentication information should probably be stored in the central office
so resyncronization with the database is not an issue). On the other hand,
if it's such a worry then don't rehash the ID_KEY_ID; it's not necessary.

  But if you can live with the scaling difficulties in pre-shared keys
then you can live with the scaling difficulties of uncertified public
keys and use RSA encryption mode (or El-Gamal encryption mode). You
get ID protection and all the rich negotiation of Main Mode. 

  Dan.

On Sun, 12 Dec 1999 16:17:01 PST you wrote
>      
> Hugo,
> 
> I like very much your solution based on redifining SKEYID_e.
> 
> Concerning the ID_KEY_ID solution, if I understand it correctly, it works whe
>n 
> the key is shared between two parties only.  It does not work in the case whe
>re 
> it is shared by multiple parties (e.g. all machines in a given domain).  And 
>in 
> the case of two parties, it has the synchronization problems that were pointe
>d 
> out by Andrew Krywaniuk.  So I think the SKEYD_e solution is much better.
> 
> Francisco

Follow-Ups:

Re: A fix for main mode with preshared keys

From: francisco_corella@hp.com

References:

Re: A fix for main mode with preshared keys

From: francisco_corella@hp.com

Prev by Date: Re: A fix for main mode with preshared keys
Next by Date: A problem with public key encrption in IKE
Prev by thread: Re: A fix for main mode with preshared keys
Next by thread: Re: A fix for main mode with preshared keys
Index(es):
- Main
- Thread