[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Safety of pre-shared keys? (Re: Reliable delete notifies)
Isn't the biggest difference that whilst you need to ensure that the peer
receives the correct self-signed public key out-of-band (authenticity
requirement), if a secret key is used then there is an additional
confidentiality requirement.
A self-signed certicate also includes an implicit integrity check which is
also important.
This all means that handling of self-signed certificates is much less
onerous than pre-shared secert keys.
Chris
> Note that the vulnerabilities of pre-shared key that you refer to
> only apply to the case of a WEAK KEY (such as a password-derived key).
> It says nothing about the security of the pre-shared mode (main
> or agressive) when using a strong key.
> In such a case there is no security problem!
> (There is always a security problem if you do not choose your keys
> correctly or you do not know how to manage them securely).
>
> In any case preshared mode (main or aggressive) was NOT designed to be
> used with passwords. A password-based protocol needs a
> specialized design
> (either a new mode for IKE or the proposals of ipsra).
>
> Hugo
Follow-Ups: