
Re: IPSEC Security Gateways & NAT



"sankar ramamoorthi" <sankar@nexsi.com> writes:

> Isn't one step missing in the process? That is, the responder on receiving
> the first message has to check the policy and accept a matching SA proposal.
> The responder needs some way of getting to the policy.

How much policy checking is done as part of Phase I?  Indeed, in
looking at 2409, ALL authentication modes of Phase-I perform the 'IKE
SA Negotiation' in messages 1 and 2 before ANY identifying information
is sent.  Remember that this negotiation is _JUST_ about negotiating
the phase-I encryption/authentication protocols.

So, no, there isn't a step missing, because there is no policy
verification at this step.

> It is either the identifier or ip address of the peer that has to be used as
> the key to get to the policy.
> 
> That implies ip address has to be used as the key if identity protection
> is required - right?

No.  Phase-I Main Mode agrees on a protection suite after message 2,
and then you can go back and verify the policy after message 6, but
before you start a Phase-II.

-derek


> -- sankar --
> 
> 
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Hugo Krawczyk
> Sent: Wednesday, June 13, 2001 4:22 PM
> To: Derek Atkins
> Cc: ipsec list
> Subject: Re: IPSEC Security Gateways & NAT
> 
> 
> Derek, I have not seen Radia's paper so I can't comment on it.
> However, what you say here:
> 
> > Think about the process this way:
> >
> > 	1) Compute a key agreement using DH
> > 	2) Encrypt the identities in the agreed-upon key
> > 	3) Authenticate step 1 (and 2) using the shared secret with the
> > 	   peer (now that you know the identity).
> 
> is indeed a good explanation of the rationale for the change to pre-shared
> mode I suggested in a previous message.
> This is why I changed SKEYID_e to depend on g^xy only but left the
> HASH_I/R computations to depend on the preshared key (SKEYID).
> 
> Hugo
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
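The point Derek and Hugo are making, shown as an added example that is not code from either of them or from any IKE implementation: with the RFC 2409 pre-shared-key derivation, SKEYID_e is derived from SKEYID, which already needs the PSK, so a responder can only decrypt the identity in message 5 if it picked a PSK by peer address beforehand; if SKEYID_e instead depends on g^xy only, the responder decrypts first, looks the PSK up by identity, and still authenticates HASH_I under the PSK-bound SKEYID. Assumptions: HMAC-SHA1 as the prf, an XOR keystream as a stand-in for the negotiated cipher, the exact input list of the modified SKEYID_e (the thread does not give it), and constructed nonces, cookies and DH values.

```python
import hmac, hashlib
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()  # RFC 2409 prf = HMAC (SHA-1 here)
def xor_stream(key: bytes, data: bytes) -> bytes:
    stream = b"".join(prf(key, bytes([i])) for i in range(len(data) // 20 + 1))  # stand-in cipher (assumption)
    return bytes(a ^ b for a, b in zip(data, stream))
def skeyid_psk(psk, ni, nr):
    return prf(psk, ni + nr)  # RFC 2409 pre-shared key auth: SKEYID = prf(psk, Ni_b | Nr_b)
def skeyid_e_rfc2409(skeyid, gxy, cky_i, cky_r):
    d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")         # SKEYID_d
    a = prf(skeyid, d + gxy + cky_i + cky_r + b"\x01")     # SKEYID_a
    return prf(skeyid, a + gxy + cky_i + cky_r + b"\x02")  # SKEYID_e: tied to the PSK through SKEYID
def skeyid_e_proposed(gxy, ni, nr, cky_i, cky_r):
    # Hugo's change as the thread describes it: SKEYID_e from g^xy only. Exact inputs are an assumption.
    return prf(gxy, ni + nr + cky_i + cky_r + b"\x02")
def hash_i(skeyid, gxi, gxr, cky_i, cky_r, sai_b, idii_b):
    return prf(skeyid, gxi + gxr + cky_i + cky_r + sai_b + idii_b)  # HASH_I stays bound to the PSK

# Constructed session values (not real DH output) and the responder's PSK table.
S = dict(ni=b"NI" * 8, nr=b"NR" * 8, gxi=b"GXI" * 8, gxr=b"GXR" * 8, gxy=b"GXY" * 8,
         cky_i=b"CKYI", cky_r=b"CKYR", sai_b=b"SAi-body")
PSK_TABLE = {b"alice@example.com": b"alice-secret", b"bob@example.com": b"bob-secret"}

def skeyid_e(scheme, skeyid):
    if scheme == "proposed":
        return skeyid_e_proposed(S["gxy"], S["ni"], S["nr"], S["cky_i"], S["cky_r"])
    return skeyid_e_rfc2409(skeyid, S["gxy"], S["cky_i"], S["cky_r"])

def initiator_msg5(scheme, idii_b, psk):
    """Message 5: identity encrypted under SKEYID_e, HASH_I computed under SKEYID."""
    skeyid = skeyid_psk(psk, S["ni"], S["nr"])
    enc_id = xor_stream(skeyid_e(scheme, skeyid), idii_b)
    return enc_id, hash_i(skeyid, S["gxi"], S["gxr"], S["cky_i"], S["cky_r"], S["sai_b"], idii_b)

def responder_msg5(scheme, enc_id, recv_hash, psk_by_addr=None):
    """Return the authenticated identity or None; under RFC 2409 a PSK chosen by address is needed first."""
    if scheme == "rfc2409":
        if psk_by_addr is None:
            return None  # no PSK -> no SKEYID -> no SKEYID_e -> cannot read the ID payload
        skeyid = skeyid_psk(psk_by_addr, S["ni"], S["nr"])
        idii_b = xor_stream(skeyid_e(scheme, skeyid), enc_id)
    else:
        idii_b = xor_stream(skeyid_e(scheme, None), enc_id)  # decrypt first, then look PSK up by identity
        if idii_b not in PSK_TABLE:
            return None
        skeyid = skeyid_psk(PSK_TABLE[idii_b], S["ni"], S["nr"])
    expected = hash_i(skeyid, S["gxi"], S["gxr"], S["cky_i"], S["cky_r"], S["sai_b"], idii_b)
    return idii_b if hmac.compare_digest(expected, recv_hash) else None
```

Either way the wrong or missing PSK fails HASH_I verification; the difference is only whether the responder has to know the peer before it can read the identity.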

