
Re: SOI: identity protection and DOS



Pre-shared keys do not require extra messages.
The P-SIGMA protocol requires just three messages, like SIGMA.

I think pre-shared key authentication is a requirement, and it doesn't
necessarily imply huge overhead. There are several good (and popular)
protocols out there that supply shared keys to two parties.
I know that in the real world certificates are not as popular and widely
used as we would like them to be. An insecure certificate deployment will
be much more harmful than a *correct* and useful pre-shared key
authentication mode.

 Sara
----- Original Message -----
From: Michael Thomas <mat@cisco.com>
To: Hugo Krawczyk <hugo@ee.technion.ac.il>
Cc: Derek Atkins <warlord@mit.edu>; ipsec list <ipsec@lists.tislabs.com>
Sent: Monday, November 26, 2001 7:20 PM
Subject: Re: SOI: identity protection and DOS


> Hugo Krawczyk writes:
>  > On 20 Nov 2001, Derek Atkins wrote:
>  > [...]
>  > >
>  > > I happen to agree with Radia's point that you should try to protect
>  > > the initiator's identity before the responder's identity (which
>  > > implies the responder should authenticate to the initiator first).
>  > > Yes, this implies an extra round trip, but if the initiator wants to
>  > > protect their identity they should have the choice to do so.
>  > >
>  >
>  > No, it does NOT imply an extra round trip. It is the other way around.
>  > Protecting the initiator from active attacker takes just 3 messages.
>  > Protecting the responder takes 4.
>  > See the SIGMA draft
>  > (http://www.ee.technion.ac.il/~hugo/draft-krawczyk-ipsec-ike-sigma-00.txt)
>
>    If you allow for pre-shared keys, then it clearly
>    requires an extra message or two. Which is why we
>    should determine what the actual requirement is
>    re pre-shared keys. If it's a requirement, then
>    we need to confront the time/protection tradeoff.
>    If it's not a requirement, this mostly vanishes.
>
>    Mike
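The point Hugo makes above (initiator identity protection in 3 messages, responder identity protection in 4) is easiest to see by running both flows. The toy model below is an added example written for this page; it is not code from the SIGMA draft or from any poster. It follows the SIGMA-I and SIGMA-R message orderings from the draft but the concrete primitives are stand-ins chosen here as assumptions: a 255-bit toy DH modulus, unpadded toy RSA signatures built from Mersenne primes, an HMAC counter-mode keystream for the identity-hiding encryption, and invented party names. The `disclosed` record shows which side has already sent its identity when an active attacker (a peer with no entry in the public-key directory) causes the run to abort.

```python
"""Toy SIGMA-I (3 messages) and SIGMA-R (4 messages) flows. Illustrative only:
toy group, unpadded toy RSA, HMAC stream cipher. Not for real use."""
import hashlib
import hmac
import secrets

P = 2**255 - 19   # toy DH modulus (prime, but not a recommended group)
G = 2
E = 65537         # toy RSA public exponent
PAD = 32          # fixed field width for serialised integers


def ib(x):
    return x.to_bytes(PAD, "big")


def h_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Party:
    """An endpoint with an identity and a toy RSA signing key (p, q Mersenne primes)."""
    def __init__(self, ident, p, q):
        self.ident, self.n = ident, p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))

    def sign(self, msg):
        return pow(h_int(msg) % self.n, self._d, self.n)


def verify(n, msg, sig):
    return pow(sig, E, n) == h_int(msg) % n


def derive(shared):
    """Ke (identity encryption) and Km (identity MAC) from g^xy, by HMAC label."""
    k = ib(shared)
    return (hmac.new(k, b"Ke", hashlib.sha256).digest(),
            hmac.new(k, b"Km", hashlib.sha256).digest())


def stream(ke, label, data):
    """Toy stream cipher: HMAC(Ke, label||counter) keystream XOR data; Ke is per session."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(ke, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def auth_payload(me, ke, km, g_peer, g_own, label):
    """{ID, SIG_ID(g_peer, g_own), MAC_Km(ID)} encrypted under Ke (the SIGMA auth block)."""
    sig = me.sign(ib(g_peer) + ib(g_own))
    mac = hmac.new(km, me.ident, hashlib.sha256).digest()
    return stream(ke, label, bytes([len(me.ident)]) + me.ident + ib(sig) + mac)


def check_payload(directory, ke, km, g_own, g_peer, label, blob):
    """Decrypt and verify a peer's auth block; return the peer's ID or None."""
    plain = stream(ke, label, blob)
    n = plain[0]
    ident = plain[1:1 + n]
    sig = int.from_bytes(plain[1 + n:1 + n + PAD], "big")
    mac = plain[1 + n + PAD:]
    if ident not in directory:                       # unknown signer: reject
        return None
    sig_ok = verify(directory[ident], ib(g_own) + ib(g_peer), sig)
    mac_ok = hmac.compare_digest(mac, hmac.new(km, ident, hashlib.sha256).digest())
    return ident if sig_ok and mac_ok else None


def exchange(variant, init, resp, directory):
    """Run one handshake; return (initiator_ok, responder_ok, disclosed), where
    disclosed records which side had sent its identity when the run ended."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gx, gy = pow(G, x, P), pow(G, y, P)
    ke, km = derive(pow(gy, x, P))                   # same keys on both sides
    disclosed = {"initiator": False, "responder": False}

    def from_r():                                    # responder's auth block
        disclosed["responder"] = True
        return auth_payload(resp, ke, km, gx, gy, b"R")

    def from_i():                                    # initiator's auth block
        disclosed["initiator"] = True
        return auth_payload(init, ke, km, gy, gx, b"I")

    # Message 1, I -> R: g^x. Carries no identity in either variant.
    if variant == "SIGMA-I":
        # Message 2, R -> I: g^y, {ID_R, SIG_R(g^x, g^y), MAC_Km(ID_R)}_Ke
        if check_payload(directory, ke, km, gx, gy, b"R", from_r()) is None:
            return False, False, disclosed           # I aborts; ID_I never sent
        # Message 3, I -> R: {ID_I, SIG_I(g^y, g^x), MAC_Km(ID_I)}_Ke
        r_ok = check_payload(directory, ke, km, gy, gx, b"I", from_i()) is not None
        return True, r_ok, disclosed
    # SIGMA-R. Message 2, R -> I: g^y only. Message 3, I -> R: initiator's auth block.
    if check_payload(directory, ke, km, gy, gx, b"I", from_i()) is None:
        return False, False, disclosed               # R aborts; ID_R never sent
    # Message 4, R -> I: responder's auth block.
    i_ok = check_payload(directory, ke, km, gx, gy, b"R", from_r()) is not None
    return i_ok, True, disclosed


# Constructed parties. Mallory is an active attacker with no directory entry.
ALICE = Party(b"alice@example", 2**61 - 1, 2**89 - 1)
BOB = Party(b"bob@example", 2**107 - 1, 2**127 - 1)
MALLORY = Party(b"mallory", 2**61 - 1, 2**127 - 1)
DIRECTORY = {ALICE.ident: ALICE.n, BOB.ident: BOB.n}

if __name__ == "__main__":
    for variant in ("SIGMA-I", "SIGMA-R"):
        print(variant, "honest:", exchange(variant, ALICE, BOB, DIRECTORY))
        print(variant, "attacker as responder:", exchange(variant, ALICE, MALLORY, DIRECTORY))
        print(variant, "attacker as initiator:", exchange(variant, MALLORY, BOB, DIRECTORY))
```

Running it shows the tradeoff in the thread: under SIGMA-I an attacker who answers as responder is rejected at message 2 and the initiator's identity is never transmitted, while an attacker who opens the exchange does receive the responder's identity in message 2; under SIGMA-R the roles reverse, at the cost of the fourth message.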


