
RE: L2TP+IPsec and IKE authentication



My take on this is that secondary authentication is needed, be it at the PPP
level, XAUTH or other (e.g. CRACK proposal) to allow for a 'challenge'.

If we relied solely on a device-loaded certificate or pre-shared secret to
authenticate the user, that is not a 'secure' situation in the event of the
device being 'borrowed'.

In time, when certificate smartcards and native laptop smartcard readers are
readily available (smartcards that request a user challenge -
pin/signature/biometrics), then we may be able to dispense with
'device+user' authentication.

On the up-side, having a root trust in a device, as well as a user of that
device does provide extra security.  On the down-side, it is restrictive -
e.g. connecting from shared/public equipment such as from a cyber cafe.



Steve.


-----Original Message-----
From: Yael Dayan [mailto:yael@radguard.com]
Sent: Wednesday, May 24, 2000 9:51 AM
To: ipsra
Cc: ipsec@lists.tislabs.com
Subject: L2TP+IPsec and IKE authentication


It seems as though no one is paying attention to an issue that dominated
these mailing lists in the not so far past, concerning the validity of
the authentication procedure imposed by XAUTH.

L2TP+IPsec requires IKE. IKE is an authenticated key exchange and yet
people clearly state that the user authentication will take place in the
PPP authentication.
This means one of these is true:
1. Users have certificates. In this case why do we need the PPP
authentication?
2. Each user has a pre-shared secret with the SGW. Again, why do we need
the PPP authentication?
3. The user does not authenticate to the SGW and Phase I, Phase II and
IPsec traffic happen prior to authentication of the user. To support
this, IKE requires changes and the architecture in "security
architecture" becomes somewhat questionable.

Yael
