[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: On shared keys

To: "'Ricky Charlet'" <rcharlet@redcreek.com>
Subject: RE: On shared keys
From: "Wang, Cliff" <CWang@smartpipes.com>
Date: Thu, 29 Nov 2001 21:37:55 -0000
Cc: IPsec WG <ipsec@lists.tislabs.com>
Sender: owner-ipsec@lists.tislabs.com

I agree with Ricky's view. In my opinion, PSK based authentication method
need to exist for a good reason from the deployment point of view also:

Although IPsec tunnels can be set up manually, manual deployment doesn't
scale well, especially when PSK is used.

However, more and more VPN service providers are offering managed VPN
service. When both ends of an IPsec tunnel are under the same management,
PSK generation and deployment is not a complex task. There is no scalability
issues when the PSK is created and tracked by management tools on a
per-tunnel basis. On the contrary, using PSK actually simplifies the VPN
deployment requirement by eliminating the need of establishing and
maintaining a complex PKI system.

-----Original Message-----
From: Ricky Charlet [mailto:rcharlet@redcreek.com] 
Sent: Tuesday, November 27, 2001 2:37 PM
Cc: IPsec WG
Subject: Re: On shared keys 


Hugo Krawczyk wrote:
> 
> Everyone agrees that public key is the ONLY way to a scalable 
> Internet-wide protocol. No question about it. In particular, any 
> key-exchange protocol for IPsec MUST provide a PK-based exchange.

	I agree that, in theory, a PK based system should scale further than
a PSK based system. But in practice, we live in a world where PSK based
authentication methods have been made to scale to an entirely sufficient
degree by almost every corporation. The advantages of scaling further yet
seems pretty dim in most of their eyes when compared to the cost of
re-tooling their credential handling. 

	The set of organizations who need greater scalability than PSKs is
small (but non-ignorable). The set of organizations who currently have
working infrastructures to support PSK authentications is large. 

	So, do we need a PSK authentication method as well as a PK
authentication method? Each of the three next generation IKE replacement
drafts dropped support for PSK authentication specifically in the interest
of protocol simplicity. This is a laudable goal and should not be lightly
dismissed. Simplicity increases both interoperability and security.

	Some have argued that we need a PSK authentication method because it
is easy to test. This argument does not overcome the arguments in favor of
protocol simplicity in my view.

	But, I would like to make the point (as others have) that a PSK
authentication system which can easily interact with popular back-end
authentication servers and will not tie the peers down to pre-configured,
known IP addresses would be a highly usable and popular protocol as it would
conviently address a great need. IMHO, such an authentication method is in
more demand than a PK authentication method even though the PK
authentication could scale larger.

	Next generation IKEers have all set about the goals of reducing
complexity and setup cost. But I would also request (and here starts a new
war) that the authors of IKE replacement protocols also consider taking on
the goals set forth in the ipsra WG
(draft-ietf-ipsra-reqmts-04.txt) but with the ability to 'change IKE'.

	I think that we should do a PSK authentication method because it
would be useful.

-- 
"They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety." Benjamin Franklin

  Ricky Charlet   : SonicWall Inc.   : usa (510) 497-2103

Prev by Date: Re: On shared keys (was RE: SOI: identity protection and DOS)
Next by Date: Re: On shared keys
Prev by thread: Re: On shared keys
Next by thread: RE: On shared keys (was RE: SOI: identity protection and DOS)
Index(es):
- Main
- Thread