
Re: SOI: preshared



On Mon, 19 Nov 2001, Michael Thomas wrote:
> The consequence of using naked public keys in lieu
> of symmetric keys is that you incur the cost of
> both a DH and a RSA operation...

Correct.  That's the same overhead as experienced with certificates, etc.,
so if it is acceptable for large-scale high-volume use, it should be okay
for a fallback mode intended for more limited applications.

> You could
> conceivably get rid of the DH if you don't care
> about identity, but for preshared keys it seems
> questionable why you'd want to do _either_.

Today's preshared keys are for authentication, not encryption, so the DH
step is not optional -- they often are things like English phrases, which
may be okay for authentication but definitely do not provide encryption
strong enough to adequately protect session-key exchanges.

A proposal for an ultra-low-overhead IKE authentication mode, using strong
preshared keys to eliminate the DH step as well, is a separate issue from
whether we should retain the existing preshared-key mode (which does not
fit that description).

                                                          Henry Spencer
                                                       henry@spsystems.net
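
The distinction the reply draws, a preshared key that authenticates a DH exchange versus a preshared key that is itself the only source of session-key material, as an added toy model (not code from this thread, not IKE, and not any IKE implementation). The group (p = 2**255 - 19, generator 2), the message layout, the HMAC-based key derivation and the constructed passphrase wordlist are all assumptions made here for illustration. It shows why the DH step cannot simply be dropped when the PSK is an English phrase: an eavesdropper who saw the handshake and one MAC of a known message can recover the PSK-only session key with a short dictionary, while the same observation and the same dictionary yield nothing when the key comes from g^xy.

```python
"""Toy model: PSK-authenticated DH versus PSK-only key derivation.

Added illustration for the mailing-list exchange above. The group, message
layout and KDF are assumptions; nothing here is real IKE.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# Toy prime-field DH group: p = 2**255 - 19 is prime, generator 2.
# Assumption for illustration only; real deployments use a standardised group.
P = 2**255 - 19
G = 2
NONCE_LEN = 16


def _kdf(ikm: bytes, info: bytes) -> bytes:
    """Derive a 256-bit session key as HMAC-SHA256(ikm, info)."""
    return hmac.new(ikm, info, hashlib.sha256).digest()


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _b(n: int) -> bytes:
    return n.to_bytes(32, "big")


def handshake_with_dh(psk: bytes) -> dict:
    """Mode A (what the reply defends): the PSK only authenticates a DH exchange;
    the session key is derived from the DH secret, which never crosses the wire.
    Returns what an eavesdropper sees plus both sides' keys, for checking."""
    ni, nr = secrets.token_bytes(NONCE_LEN), secrets.token_bytes(NONCE_LEN)
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gx, gy = pow(G, x, P), pow(G, y, P)
    public = _b(gx) + _b(gy) + ni + nr        # everything visible on the wire
    k_i = _kdf(_b(pow(gy, x, P)), public)     # initiator's view of g^xy
    k_r = _kdf(_b(pow(gx, y, P)), public)     # responder's view of g^xy
    auth_i = _mac(psk, b"I" + public)         # PSK is used only here, as a MAC key
    auth_r = _mac(psk, b"R" + public)
    # Responder recomputes the initiator's AUTH tag under its own copy of the PSK.
    auth_ok = hmac.compare_digest(auth_i, _mac(psk, b"I" + public))
    return {"ni": ni, "nr": nr, "auth_i": auth_i, "auth_r": auth_r,
            "k_i": k_i, "k_r": k_r, "auth_ok": auth_ok}


def handshake_psk_only(psk: bytes) -> dict:
    """Mode B (DH step removed): the session key is a function of the PSK and
    the public nonces alone, so its strength is exactly the PSK's strength."""
    ni, nr = secrets.token_bytes(NONCE_LEN), secrets.token_bytes(NONCE_LEN)
    k = _kdf(psk, ni + nr)
    return {"ni": ni, "nr": nr, "k_i": k, "k_r": k}


def eavesdropper_guess_key(observed: dict, known_msg: bytes, known_tag: bytes,
                           wordlist) -> Optional[bytes]:
    """Passive observer who saw the nonces and one MAC of a known message under
    the session key tries each candidate phrase as if it were the key source.
    This can only succeed when the key really is a function of (PSK, nonces)."""
    for phrase in wordlist:
        k = _kdf(phrase.encode(), observed["ni"] + observed["nr"])
        if hmac.compare_digest(_mac(k, known_msg), known_tag):
            return k
    return None


# Constructed sample data: a weak English-phrase PSK and a tiny dictionary.
PSK = b"open sesame"
WORDLIST = ["password", "let me in", "open sesame", "correct horse"]
KNOWN_MSG = b"keepalive"   # first protected message, assumed known to the observer


def demo() -> dict:
    """Run both modes against the same observer and report what was recovered."""
    b = handshake_psk_only(PSK)
    recovered_b = eavesdropper_guess_key(b, KNOWN_MSG, _mac(b["k_i"], KNOWN_MSG), WORDLIST)
    a = handshake_with_dh(PSK)
    recovered_a = eavesdropper_guess_key(a, KNOWN_MSG, _mac(a["k_i"], KNOWN_MSG), WORDLIST)
    return {
        "psk_only_key_recovered": recovered_b == b["k_i"],   # True: PSK alone is too weak
        "dh_keys_agree": a["k_i"] == a["k_r"] and a["auth_ok"],
        "dh_key_recovered": recovered_a is not None,         # False: key depends on g^xy
    }


if __name__ == "__main__":
    print(demo())
```

The DH step protects the confidentiality of the session key; it does not make a weak phrase any stronger as an authenticator, which is why the reply treats "strong preshared keys that could replace DH" as a separate proposal from the existing mode.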
