[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC Security Gateways & NAT
On 13 Jun 2001 12:24:28 EDT you wrote
>
> I agree that it is a problem that the IKE ID is tied to the source and
> destinatin IP address. Currently, however, the __ONLY__ time there is
> this particular problem is when using pre-shared static keys for
> authentication. Well, first, I would suggest people not use
> pre-shared static keys. That suggestion notwithstanding, wouldn't it
> be better if this problem was fixed completely, so that pre-shared
> static keys are _NOT_ tied to the IP Source Address?
The reason it was done that way is that there was a desire to force the
keys to contain something known only by the peers (which is why signature
mode was described as "the least secure"). There was also a requirement
for identity protection. Those two combined to give us what we have today.
You need to get the pre-shared secret to use to derive a key to protect
the identity which is used to find the pre-shared key. That wouldn't work
so the key is bound to all you can know at that time-- the IP address.
Actually, using ID_KEYID identity and Aggressive Mode can give you identity
protection (since the keyid can be any opaque blob) with pre-shared keys
but that's really not an elegant solution.
Provided that the Diffie-Hellman is authenticated I guess we could say
that the resultant secret is something known only by the parties to
the exchange and therefore having g^xy (and not the pre-shared key) is
good enough. But I'm not a cryptographer and I didn't come up with the
key derivation.
I'm all for simplifying and unifying SKEYID generation. Are there any
comments on this proposal? Hugo, are you out there?
Dan.
Follow-Ups:
References: