[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-ipsec-pki-req-05.txt

To: ipsec list <ipsec@lists.tislabs.com>
Subject: Re: I-D ACTION:draft-ietf-ipsec-pki-req-05.txt
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Thu, 13 Jul 2000 13:45:18 +0300 (IDT)
In-Reply-To: <200007121029.GAA14780@ietf.org>
Sender: owner-ipsec@lists.tislabs.com


The draft has several incorrect statements about the ability 
of the encryption modes of IKE to protect the identity and certificate
of the sender from discovery by eavesdroppers.

Contrary to what is stated in the draft, the "Revised Mode of Public Key
Encryption" allows for identity AND certificate protection in BOTH main
mode AND aggressive mode.
The first "Public Key Encryption mode" in IKE specifies how to encrypt the
initiator's identity but not its certificate.  
The Revised mode specifies the latter too. In particular, the Revised 
mode is the only authentication mode of IKE that allows for certificate 
and identity protection in aggressive mode.

I am including below the paragraphs in the current draft that need 
to be coorected. In particular, you have to distinguish between the 
"Public Key Encryption mode" and the "Revised" one for the sake of 
certificate protection.

Hugo

The incorrect paragraphs:

> In order to protect the identity in a Certificate payload, the IKE
> device that wishes to deliver its own certificates to its peer MUST use
> Main Mode MUST only include Certificate payloads in message 5 or 6.

The two MUST are incorrect:

The first one is incorrect since there there is the possibility of using
Revised PKE *aggressive* mode and still protect the certificate's identity.
As for the second MUST, Revised PKE Main mode allows for certificate
inclusion and encryption in the third message.


 [......]

> 
> In Main Mode with encryption-based authentication, Certificate payloads
> SHOULD only appear in messages 1, 2, and 3 because that is the only
> place where they are useful for the exchange; note that the
> certificates in these messages are not encrypted and will thus reveal
> identity information.

The last sentence (after ;) does not hold for Revised PKE mode.

 [......]

>
> IKE Main Mode attempts to preserve identity protection by only sending
> ID payloads in messages 5 and 6, which are encrypted. Sending
> certificates in unencrypted IKE Main Mode messages (1 through 4) will
> reveal the identity of the sender. Note that sending certificates in
> Main Mode for encryption-based authentication by its very nature will
> expose the identity of the sender.

Again, as explained, the above is incorrect.

References:

I-D ACTION:draft-ietf-ipsec-pki-req-05.txt

From: Internet-Drafts@ietf.org

Prev by Date: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
Next by Date: RE: problems with draft-jenkins-ipsec-rekeying-06.txt
Prev by thread: I-D ACTION:draft-ietf-ipsec-pki-req-05.txt
Next by thread: RE: I-D ACTION:draft-ietf-ipsec-pki-req-05.txt
Index(es):
- Main
- Thread