[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: preshared
Henry Spencer writes:
> > You could
> > conceivably get rid of the DH if you don't care
> > about identity, but for preshared keys it seems
> > questionable why you'd want to do _either_.
>
> Today's preshared keys are for authentication, not encryption, so the DH
> step is not optional -- they often are things like English phrases, which
> may be okay for authentication but definitely does not provide encryption
> strong enough to adequately protect session-key exchanges.
Well, it need not be -- especially if you buy into
Cheryl's premise that IKE is a machine-machine
protocol more than a user-user protocol. It's
not hard to choose and remember a symmetric key
which isn't subject to dictionary attacks if
you're a machine, after all.
But this really does beg the question of what
the requirement actually is here. Do we need to
have a well-supported/efficient peer to peer
preshared key scheme for IKE or not. If we
do, it informs this debate. If we do not, we
can skip this debate altogether.
Mike
References: