
Re: SOI: identity protection and DOS
----- Original Message -----
From: "Paul Hoffman / VPNC" <paul.hoffman@vpnc.org>
To: <ipsec@lists.tislabs.com>
Sent: Monday, November 26, 2001 5:40 PM
Subject: RE: SOI: identity protection and DOS

> At 5:06 PM -0500 11/26/01, Andrew Krywaniuk wrote:
> >>  Positive traits of IKEv1 pre-shared keys:
> >>  a) easy for each party to set up
> >>  b) not susceptible to CRL time lag or CA key compromise
> >>  c) fewer exponentiations on each side for IPsec key setup
> >>
> >>  Negative traits of IKEv1 pre-shared keys:
> >>  d) hard to scale
> >>  e) unless identity protection is not needed, the initiator must be at a
> >>  known IP address, and there must be only one pre-shared key at that
> >>  address
> >>  f) out-of-band swapping of the key must be done privately
> >
> >
> >Some comments on this:
> >
> >(e) is only due to a flaw in IKEv1, and is unrelated to the use of preshared
> >keys in general.
>
> Yup. Some people think that identity protection is absolutely needed
> in every circumstance, but most people would agree that identity
> protection isn't worth preventing pre-shared secrets from working
> with mobile users.
>
> >(f) is not really valid because you need an out-of-band mechanism either
> >way.
>
> Not true. You only need an authenticated transport for the public key
> hashes: you don't have to keep them private.
>
> >(d) is the real reason for not using preshared keys.
>
> ...for some people. In many environments, scaling is not an issue.
> It is easy to argue that setting up simple CA and keeping its key
I suppose the CA's public key never changes. :-)
Otherwise, the CA's new public key(s) has to be passed on the phone too.

> secret and issuing CRLs and so on for a 5-gateway WAN is more
> difficult than passing around five preshared secrets on the phone.
>
> --Paul Hoffman, Director
> --VPN Consortium
>
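Point (e) above (one pre-shared key per initiator address, and no roaming initiators) follows from the order of operations in IKEv1 main mode: the initiator's identity payload is sent encrypted under keys derived from the pre-shared key, so the responder must select the key before it knows who is calling, and the source IP address is the only selector it has at that point. The following Python model is an added illustration of that dependency, not code from this thread or from any IKE implementation. SKEYID uses the RFC 2409 pre-shared-key formula, but HMAC-SHA256 as the prf, the HMAC-based encryption, and all addresses, nonces and keys are constructed simplifications.

```python
"""Toy model of why IKEv1 main mode with pre-shared keys needs one key per
initiator address: the responder has to derive SKEYID (and so pick a PSK)
before it can decrypt the initiator's ID payload.  Added example; the prf,
cipher and all sample values are simplifications, not the real protocol."""
import hashlib
import hmac

TAG_LEN = 32


def skeyid(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409, pre-shared key case: SKEYID = prf(pre-shared-key, Ni_b | Nr_b).
    HMAC-SHA256 stands in for the negotiated prf (assumption)."""
    return hmac.new(psk, ni + nr, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC blocks (stand-in for a cipher)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the ISAKMP encrypted ID payload."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not verify the tag."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


class Responder:
    """Main-mode responder: until the ID payload is decrypted, the source
    address is the only thing that can select a pre-shared key."""

    def __init__(self) -> None:
        self.psk_by_addr: dict[str, bytes] = {}

    def add_psk(self, addr: str, psk: bytes) -> None:
        if addr in self.psk_by_addr:
            raise ValueError(f"{addr}: only one pre-shared key can be bound to an address")
        self.psk_by_addr[addr] = psk

    def decrypt_identity(self, src_addr: str, ni: bytes, nr: bytes, enc_id: bytes):
        psk = self.psk_by_addr.get(src_addr)
        if psk is None:
            return None  # unknown address: nothing to derive SKEYID from
        return unseal(skeyid(psk, ni, nr), enc_id)


# Constructed sample values (not real nonces or secrets).
NI, NR = b"initiator-nonce-01", b"responder-nonce-01"
PSK_ALICE = b"alice-shared-secret"
PSK_BOB = b"bob-shared-secret"


def initiator_send(psk: bytes, identity: bytes) -> bytes:
    """What the initiator puts on the wire after deriving SKEYID itself."""
    return seal(skeyid(psk, NI, NR), identity)


def fixed_address_peer():
    """Peer always at 192.0.2.10 with one key: the identity is recovered."""
    r = Responder()
    r.add_psk("192.0.2.10", PSK_ALICE)
    return r.decrypt_identity("192.0.2.10", NI, NR, initiator_send(PSK_ALICE, b"alice@example.net"))


def roaming_peer():
    """Same peer calling from a new address: no key can be selected at all."""
    r = Responder()
    r.add_psk("192.0.2.10", PSK_ALICE)
    return r.decrypt_identity("198.51.100.7", NI, NR, initiator_send(PSK_ALICE, b"alice@example.net"))


def other_peer_same_address():
    """A different peer behind the same address: the key bound to the address
    does not match, so its identity never decrypts."""
    r = Responder()
    r.add_psk("192.0.2.10", PSK_ALICE)
    return r.decrypt_identity("192.0.2.10", NI, NR, initiator_send(PSK_BOB, b"bob@example.net"))


def second_key_same_address() -> bool:
    """Binding a second key to one address is rejected, since it could never
    be distinguished from the first before the ID payload is readable."""
    r = Responder()
    r.add_psk("192.0.2.10", PSK_ALICE)
    try:
        r.add_psk("192.0.2.10", PSK_BOB)
    except ValueError:
        return True
    return False
```

The two failing scenarios are the traits the thread argues about: a mobile user (new source address each time) and several users behind one address both leave the responder with no way to pick the right key, which is exactly what a certificate-based or identity-first exchange avoids. Nothing here is a weakness of pre-shared keys as such; it is the main-mode message ordering that forces the address-keyed lookup.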
