
RE: On shared keys (was RE: SOI: identity protection and DOS)



I tend to disagree with what you have stated. Please see comments inline.

-----Original Message-----
From: Sandy Harris [mailto:sandy@storm.ca] 
Sent: Friday, November 30, 2001 10:11 AM
To: 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)

.....[text omitted]


> I furthermore claim that Symmetric/Private Key cryptography will scale 
> to great numbers of users
[sandy]
Sorry, but this is nonsense. The classic problem with symmetric crypto is
key management. It neither scales well nor works well across administrative
boundaries.

[cliff] It depends whether you do it humanly or through management tools.
When you do it manually, it doesn't scale well. When you use software to do
it, not a problem.

[sandy]
Consider n sites which all want to communicate.

For symmetric ciphers, you need n*(n-1)/2 unique keys, each of which is
known to exactly two players and none of the others. Moreover, you have to
communicate those keys securely to the second player in each case, and then
keep it secure on both systems.

[cliff] Again, using provisioning and management tools, managing n*(n-1)/2
unique keys does not pose a scalability issue at all. The key can be
provisioned to each box easily, since both ends of a tunnel are under the
same management. On the other side, when you are using a cert, you still have
to deal with the issue of sending the private key to the box, if the key pair
is generated outside of the box, or deal with the issue of making a cert
request and then later installing the cert. Do you think that is easier than
just delivering the PSK to the device by management software?

[sandy]
With public key, you need only n key pairs. There is no need to communicate
keys securely; the system is designed to work even if the enemy knows the
public keys. Nor do you have to manage security for multiple keys, or keep
track of who each key is shared with. You just need to keep your private key
secure, not shared with anyone.
  
[cliff] It depends where the key pair is generated. If it is generated
inside the box, you need to get the cert request out and then later install
the issued cert. You also have to install the root CA chain on each box. You
also have to do CRL checking. A simple comparison of N key pairs vs.
n*(n-1)/2 unique keys is unfair. You have to look at the whole picture.

When using provisioning software, managing n key pairs or managing n*(n-1)/2
doesn't pose a major scalability difference at all, in terms of key generation
cost. Installing a cert is no easier than installing a PSK.

The bottom line is that PSK-based IPsec/IKE VPN has been accepted by customers
and deployed in the field via service provider offerings. It is just one type
of authentication that a service provider can offer and customers can choose.
It simplifies the VPN setup by eliminating the PKI system in the deployment.
Saying that PSK-based VPN is not scalable is biased, when you think you are
doing it manually.

So please look at the whole picture and realize that PSK-based VPN has been
offered by service providers and accepted happily by tens of thousands of
customers because of its simplicity and good scalability when such VPN
systems are deployed via provisioning and management tools.
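
The pairwise-key bookkeeping both sides are arguing about, as an added example that is not part of the original message or of any provisioning product mentioned in it: a sketch of a tool that issues one PSK per pair of sites, then shows what each box stores and which boxes must be touched when one site is removed. The site names, function names and the 256-bit key size are assumptions made for the illustration.

```python
import secrets
from itertools import combinations

def provision_psk_mesh(sites):
    """Return {site: {peer: key}}: one unique PSK per unordered pair of sites."""
    bundles = {s: {} for s in sites}
    for a, b in combinations(sorted(sites), 2):
        key = secrets.token_bytes(32)  # assumed 256-bit PSK
        bundles[a][b] = key            # the same secret lands on both ends
        bundles[b][a] = key
    return bundles

def unique_keys(bundles):
    """Set of distinct secrets that exist anywhere in the mesh."""
    return {k for peers in bundles.values() for k in peers.values()}

def holders(bundles, key):
    """Sites that store a given secret; must be exactly two for a pairwise PSK."""
    return sorted(s for s, peers in bundles.items() if key in peers.values())

def rekey_after_compromise(bundles, bad):
    """Remove a compromised site and every key it knew.

    Returns the peers whose configuration had to change: each of them
    shared one secret with the removed site, so all n-1 must be updated.
    """
    touched = sorted(bundles.pop(bad))
    for peer in touched:
        del bundles[peer][bad]
    return touched

if __name__ == "__main__":
    sites = [f"site{i:02d}" for i in range(1, 21)]  # constructed site names
    mesh = provision_psk_mesh(sites)
    n = len(sites)
    print(f"{n} sites: {len(unique_keys(mesh))} PSKs in total, "
          f"{len(mesh['site01'])} secrets stored per box")
    # With public keys the same mesh needs n key pairs and one private key per box.
    touched = rekey_after_compromise(mesh, "site07")
    print(f"removing site07 changes configuration on {len(touched)} boxes; "
          f"{len(unique_keys(mesh))} PSKs remain")
```
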

