[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Safety of pre-shared keys? (Re: Reliable delete notifies)



Isn't the biggest difference that whilst you need to ensure that the peer
receives the correct self-signed public key out-of-band (authenticity
requirement), if a secret key is used then there is an additional
confidentiality requirement.

A self-signed certicate also includes an implicit integrity check which is
also important.

This all means that handling of self-signed certificates is much less
onerous than pre-shared secert keys.

Chris

> Note that the vulnerabilities of pre-shared key that you refer to
> only apply to the case of a WEAK KEY (such as a password-derived key).
> It says nothing about the security of the pre-shared mode (main
> or agressive) when using a strong key.
> In such a case there is no security problem!
> (There is always a security problem if you do not choose your keys
> correctly or you do not know how to manage them securely).
> 
> In any case preshared mode (main or aggressive) was NOT designed to be
> used with passwords. A password-based protocol needs a 
> specialized design
> (either a new mode for IKE or the proposals of ipsra).
> 
> Hugo


Follow-Ups: