[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSEC Security Gateways & NAT

To: "'Dan Harkins'" <dharkins@lounge.org>, Derek Atkins <warlord@mit.edu>
Subject: RE: IPSEC Security Gateways & NAT
From: "Chen, David" <dchen@ellacoya.com>
Date: Wed, 13 Jun 2001 15:24:59 -0400
Cc: "Chen, David" <dchen@ellacoya.com>, "'jshukla'" <jshukla@earthlink.net>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Dan,
Preshared key seem more effective against DOS attack 
comparing to "generating prime number" or "check certificate revocation"?
Regards,
--- David


-----Original Message-----
From: Dan Harkins [mailto:dharkins@lounge.org]
Sent: Wednesday, June 13, 2001 3:03 PM
To: Derek Atkins
Cc: Chen, David; 'jshukla'; ipsec@lists.tislabs.com
Subject: Re: IPSEC Security Gateways & NAT 


On 13 Jun 2001 12:24:28 EDT you wrote
> 
> I agree that it is a problem that the IKE ID is tied to the source and
> destinatin IP address.  Currently, however, the __ONLY__ time there is
> this particular problem is when using pre-shared static keys for
> authentication.  Well, first, I would suggest people not use
> pre-shared static keys.  That suggestion notwithstanding, wouldn't it
> be better if this problem was fixed completely, so that pre-shared
> static keys are _NOT_ tied to the IP Source Address?

The reason it was done that way is that there was a desire to force the
keys to contain something known only by the peers (which is why signature 
mode was described as "the least secure"). There was also a requirement 
for identity protection. Those two combined to give us what we have today.
You need to get the pre-shared secret to use to derive a key to protect
the identity which is used to find the pre-shared key. That wouldn't work
so the key is bound to all you can know at that time-- the IP address.
Actually, using ID_KEYID identity and Aggressive Mode can give you identity
protection (since the keyid can be any opaque blob) with pre-shared keys
but that's really not an elegant solution.

Provided that the Diffie-Hellman is authenticated I guess we could say
that the resultant secret is something known only by the parties to
the exchange and therefore having g^xy (and not the pre-shared key) is
good enough. But I'm not a cryptographer and I didn't come up with the
key derivation. 

I'm all for simplifying and unifying SKEYID generation. Are there any 
comments on this proposal? Hugo, are you out there?

  Dan.

Follow-Ups:

Re: IPSEC Security Gateways & NAT

From: Dan Harkins <dharkins@lounge.org>

Prev by Date: Re: [MSEC] The use HMAC
Next by Date: Re: IPSEC Security Gateways & NAT
Prev by thread: Re: IPSEC Security Gateways & NAT
Next by thread: Re: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread