[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE

To: "Derrell D. Piper" <ddp@cips.nokia.COM>
Subject: Re: Simplifying IKE
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Thu, 12 Oct 2000 14:53:04 +0200 (IST)
cc: Dan Harkins <dharkins@cips.nokia.COM>, ipsec <ipsec@lists.tislabs.com>
In-Reply-To: <200010110919.CAA16174@gallium.network-alchemy.com>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 11 Oct 2000, Derrell D. Piper wrote:

> For purposes of concensus, I think Aggressive Mode is bloat and I'd like to
> remove it.  There are ways to use pre-shared keys without fixed IP addresses
> which solve the problem without giving up identity protection.  Aggressive
> Mode is a remnant of the SKIP vs ISAKMP debate which optimized round-trips
> at
> the expense of protocol complexity.  It was a bad design decision on our
> part
> to include it in the first place.
>
> Derrell

If savings of rounds is considered important this can be achieved 
without aggressive mode, namely, whenever a phase 1 exchange is performed
skip phase 2 and derive key material directly from SKEYID_d. 
This is possible and has no cryptographic disadvantage. However, it
certainly changes IKE. Moreover, it violates current isakmp processing.
Are there any clear reasons (beyond the above changes to IKE and isakmp)
not to do that?

Note that if one adopts the above approach, Quick Mode should still be
maintained as a periodic re-key mechanism (this was the original intent of
this mode in SKEME). Such refreshments are important to limit key usage 
and to resist cryptanalysis (present and future).

Hugo

Follow-Ups:

Re: Simplifying IKE

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

References:

Re: Reliable delete notifies

From: "Derrell D. Piper" <ddp@cips.nokia.COM>

Prev by Date: Re: Simplifying IKE (was RE: Reliable delete notifies)
Next by Date: RE: Larger DH groups?
Prev by thread: Re: Reliable delete notifies
Next by thread: Re: Simplifying IKE
Index(es):
- Main
- Thread