[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPSEC Security Gateways & NAT
Dan,
Since the phase 1 goal is to auth DH-key exchange.
The DH key is generated *after* auth anyway.
However,
the pre-shared key (pass-phrase) authetication cost less (and stateless)
for responder to verify than "public key" authentication.
Regards,
--- David
-----Original Message-----
From: Dan Harkins [mailto:dharkins@lounge.org]
Sent: Thursday, June 14, 2001 12:05 PM
To: Chen, David
Cc: ipsec@lists.tislabs.com
Subject: Re: IPSEC Security Gateways & NAT
There is no need to compute a set of prime numbers to do the D-H
exchange in IKE. The prime number is specified in the group. In any
event, you still have to do a D-H when authenticating with pre-shared
keys so even if your premise was correct (that you need to generate a
set of prime numbers to do a D-H in IKE) then your conclusion (that
pre-shared keys is somehow less susceptible to a DOS attack) does not
follow.
And again, the responder does not do any work D-H-wise until it has
received 2 messages from the same peer with the 2nd message containing
something he created. The DOS concern is not that it is doing unnecessary
D-H computation it is that it creates state upon the receipt of a single
message from an initiator.
Dan.
On Thu, 14 Jun 2001 10:07:05 EDT you wrote
>
> If you pre-comp a set of prime numbers for DH-key exchange...
> These can use only one time and they are consumed faster then you can come
> up new ones.
> This is the DOS idea that keep the IPSec responder so busy (meaninglessly)
> that
> no time for other meaningful activities.
> Recycling prime numbers for DH-key exchange is a implementation mistake???
>
> The CR process requires pending on a state that waits for server search
> through the
> chains of servers to come up CRL (and it grows longer along the time).
> It is a classical eavesdropping.
>
> The preshared key (pass-phrase) can auth the peer with much less cost and
> stateless.
>
> If someone can inscribe the first pair of DH-key exchange with CHAP(or
> others),
> it seems can remove some random DOS attack.
> This will complement the DH-Key exchange's weakness of
> unknowing the peer is "DOS attacker".
>
> Regards,
>
> --- David
>
Follow-Ups: