[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On shared keys

Subject: Re: On shared keys
From: Ricky Charlet <rcharlet@redcreek.com>
Date: Tue, 27 Nov 2001 11:36:37 -0800
CC: IPsec WG <ipsec@lists.tislabs.com>
Organization: Redcreek Communications
References: <Pine.GSO.4.21.0111270123520.11590-100000@ee.technion.ac.il>
Sender: owner-ipsec@lists.tislabs.com

Hugo Krawczyk wrote:
> 
> Everyone agrees that public key is the ONLY way to a scalable
> Internet-wide protocol. No question about it. In particular,
> any key-exchange protocol for IPsec MUST provide a PK-based exchange.

	I agree that, in theory, a PK based system should scale further than a
PSK based system. But in practice, we live in a world where PSK based
authentication methods have been made to scale to an entirely sufficient
degree by almost every corporation. The advantages of scaling further
yet seems pretty dim in most of their eyes when compared to the cost of
re-tooling their credential handling. 

	The set of organizations who need greater scalability than PSKs is
small (but non-ignorable). The set of organizations who currently have
working infrastructures to support PSK authentications is large. 

	So, do we need a PSK authentication method as well as a PK
authentication method? Each of the three next generation IKE replacement
drafts dropped support for PSK authentication specifically in the
interest of protocol simplicity. This is a laudable goal and should not
be lightly dismissed. Simplicity increases both interoperability and
security.

	Some have argued that we need a PSK authentication method because it is
easy to test. This argument does not overcome the arguments in favor of
protocol simplicity in my view.

	But, I would like to make the point (as others have) that a PSK
authentication system which can easily interact with popular back-end
authentication servers and will not tie the peers down to
pre-configured, known IP addresses would be a highly usable and popular
protocol as it would conviently address a great need. IMHO, such an
authentication method is in more demand than a PK authentication method
even though the PK authentication could scale larger.

	Next generation IKEers have all set about the goals of reducing
complexity and setup cost. But I would also request (and here starts a
new war) that the authors of IKE replacement protocols also consider
taking on the goals set forth in the ipsra WG
(draft-ietf-ipsra-reqmts-04.txt) but with the ability to 'change IKE'.

	I think that we should do a PSK authentication method because it would
be useful.

-- 
"They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety." Benjamin Franklin

  Ricky Charlet   : SonicWall Inc.   : usa (510) 497-2103

Follow-Ups:

Re: On shared keys

From: Tylor Allison <allison@securecomputing.com>

References:

On shared keys (was RE: SOI: identity protection and DOS)

From: Hugo Krawczyk <hugo@ee.technion.ac.il>

Prev by Date: Re: SOI: identity protection and DOS
Next by Date: Re: On shared keys (was RE: SOI: identity protection and DOS)
Prev by thread: Re: On shared keys (was RE: SOI: identity protection and DOS)
Next by thread: Re: On shared keys
Index(es):
- Main
- Thread