
RE: Please save the pre-shared key mode



And I fourth that! :-)

PSK should be an option for now and the future. For now, the obvious reason is
interoperability between IPsec and PKI devices. PKI, at the moment, is still
too immature a technology. For example, we have found that the
implementation of certain standards varies between PKI vendors, IPsec CPE
devices and Directory (CRL) infrastructure even though it is supposed to be
based on 1 standard!

Through much struggle, we have almost got a PKI system issuing certs and
CRLs to our IPsec devices. On the other hand, PSK was very simple to use. It
took us almost 6 months, numerous support cases and many sleepless nights to
get our PKI working with our IPsec devices! In that sense, PSK should be an
option for companies looking to go to market quickly and with as little
hassle as possible [with the understanding that it is much less secure].

Till PKI fully interworks with IPsec devices, only then should we decide
whether to drop PSK or not.

Henry Spencer mentioned a non PKI mode. I don't see what benefit that is or
how much more secure that is compared with PSK. Could anyone elaborate on
that please?

Alister

> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Sara Bitan
> Sent: 06 December 2001 08:48
> To: Wang, Cliff; ipsec@lists.tislabs.com; Alex Alten
> Subject: Re: Please save the pre-shared key mode
>
>
> Well I guess I am the 3rd...
> - Pre shared keys don't necessarily mean manual installation. Kerberos
> creates a symmetric shared key between two principals, that can be used as a
> pre-shared key. There is a whole family of challenge response protocols that
> supply the parties with a symmetric key that can be used as a pre-shared IKE
> authentication key (e.g. 3GPP AKA protocol).
> - There are many market segments that don't want to use public key
> cryptography for pure efficiency reasons. Are we going to tell these guys:
> "give up efficiency because PK cryptography is more secure", or are we
> simply going to say to them "Don't use IKE and IPSec"?
> - We've been in this game before. We said "we will not support legacy
> authentication because it is insecure". Well, the market taught us a
> lesson, and look where we are today... I don't think we want to see us three
> years ahead in time with new WGs struggling to integrate pre-shared keys
> authentication into a framework that wasn't meant to support it.
> - Integration of pre-shared keys authentication into IKEv2 and IKE-SIGMA is
> simple. I am not that much of an expert to say if this can be done in JFK,
> but I think
> that the new version of IKE must support pre-shared keys authentication.
>
>  Sara.
>
> ----- Original Message -----
> From: Alex Alten <Alten@netvista.net>
> To: Wang, Cliff <CWang@smartpipes.com>; <ipsec@lists.tislabs.com>
> Sent: Thursday, December 06, 2001 5:20 AM
> Subject: Re: Please save the pre-shared key mode
>
>
> >
> > I *strongly* 2nd this motion.  It would be extremely foolish
> > to eliminate PSK support.  Foolish in this case translates into
> > lots of extra expensive hardware, etc., for our poor customers.
> >
> > Of course software can handle the complexity of key distribution,
> > thus eliminating the supposed advantage of PK vs. PSK.
> >
> > Cliff, you need to understand the reason why PK is so popular
> > with the IP crowd here.  Basically most of the older, influential
> > developers/architects are very pro-privacy. They grew up in the 60's
> > and 70's during the height of the US Vietnam anti-war protests.
> > PK really fits into their group-think philosophy of distrusting the
> > government or whatever (despite the fact that in the US, Europe and
> > Japan most governments are very representative of the people).
> >
> > Unfortunately for them, in the real world, IP routing layer
> > infrastructure is owned by corporate or governmental organizations,
> > not by individuals.  Therefore privacy is being granted by the
> > organization to the individual in order to use and access network
> > resources owned by that organization.  PK does *not* fit this model
> > very well.  After all why does an individual need to generate a private
> > key to access an organization's computers?  Might as well just hand
> > him the private key, therefore PSK works just as well.
> >
> > The pity is that this heavy bias toward PK then blinds these guys
> > and gals to the real problems with PK, primarily that it is **dog
> > slow**, and tends to expand things (to the modulus size) thus making
> > it a pain-in-the-ass to stick into a protocol (especially one that
> > has to go over a slow, noisy wireless link).  Basically PK is
> > the crypto world's equivalent of the networking world's ASN.1.
> > It will be with us always whether we like it or not. Ugh.
> >
> > BTW, AtHome made it very clear to me recently that I (or my ISP ATT/TCI)
> > had absolutely no rights to their network computers (like my email inbox
> > on one of their servers).  A rather clear demonstration of the fact
> > that my network access is a privilege granted by an organization (in
> > exchange for money in this case), not a right.  Therefore using PK for
> > its secret private key advantage is rather useless.  AtHome would
> > have cared less if I used PK or PSK with a VPN to access their email
> > server.
> >
> > - Alex
> >
> >
> >
> >
> > At 08:27 PM 12/5/2001 -0000, Wang, Cliff wrote:
> > >
> > >
> > > I have noticed that pre-shared key has been eliminated in the
> > > new key management protocol drafts. I understand the urge to
> > > simplify the existing IKE protocol. However, I do think that
> > > pre-shared key mode should be left as an option. There are a
> > > couple of reasons for that suggestion:
> > >
> > > 1) Simplicity
> > > Pre-shared key mode is simpler to support by eliminating the
> > > requirement of supporting complex PKI. Without the pre-shared
> > > key mode, are we forcing ourselves into using PKI system
> > > (assuming we are not using KINK)? If so, I would like to suggest
> > > that the new IKE replacement draft authors add the PSK options.
> > > There are many existing deployments of PSK based IPsec VPN and
> > > service providers are happy to keep the way it is without using
> > > PKI.
> > >
> > > 2) Cost
> > > Running PKI requires additional resources and increases the overall
> > > cost of VPN deployment for managed service providers, while the end
> > > customer sees no increased benefits. If a customer out-sources his
> > > VPN and he only cares about site-to-site secure connection, he is
> > > probably not willing to choose a more costly PKI based solution.
> > >
> > > 3) Scalability
> > > Although PKI does provide a much better scalability in key delivery,
> > > for a managed VPN where each device has a secure channel to the
> > > managing server, this advantage is less important. PSK can be generated
> > > and provisioned to each box via the management channel to the device
> > > easily for a managed VPN, along with other IPsec tunnel parameter
> > > settings. Under such a centralized managed VPN, PSK based solution has
> > > a good scalability.
> > >
> > > We have implementations and operational experience that show that an
> > > automated VPN management tool has no scalability difficulties managing
> > > PSK for each tunnel.  Therefore we believe that PSK is a viable choice
> > > for VPN implementations and that PSK mode should be saved.
> >
> > --
> >
> > Alex Alten
> > Alten@Home.Com
> >
>
>
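
The centrally managed provisioning described in Cliff Wang's scalability point, sketched as an added example that is not part of the original thread: a management server generates one independent PSK per tunnel and hands each device only the keys for its own tunnels. The device names, the 256-bit key size and the function names are assumptions; the `shared=True` mode is included only to contrast per-tunnel keys with a single group key.

```python
import secrets
from itertools import combinations

PSK_BYTES = 32  # assumption: 256-bit keys drawn from the OS CSPRNG


def provision_full_mesh(devices, shared=False):
    """Build {device: {peer: psk_hex}} for a full mesh of tunnels.

    shared=False: one independent PSK per tunnel (per-tunnel management).
    shared=True:  one group PSK reused on every tunnel (for contrast).
    """
    group_key = secrets.token_hex(PSK_BYTES) if shared else None
    configs = {d: {} for d in devices}
    for a, b in combinations(sorted(devices), 2):
        psk = group_key or secrets.token_hex(PSK_BYTES)
        configs[a][b] = psk  # both tunnel endpoints receive the same key,
        configs[b][a] = psk  # each over its own management channel
    return configs


def tunnel_count(configs):
    """Each tunnel appears in two device configs, so halve the total."""
    return sum(len(peers) for peers in configs.values()) // 2


def exposed_tunnels(configs, compromised):
    """Tunnels whose PSK is known to whoever holds one device's config."""
    leaked = set(configs[compromised].values())
    return sorted(
        (a, b)
        for a, peers in configs.items()
        for b, psk in peers.items()
        if a < b and psk in leaked
    )


SITES = ["gw-a", "gw-b", "gw-c", "gw-d", "gw-e"]  # constructed device names

if __name__ == "__main__":
    for mode in (False, True):
        cfg = provision_full_mesh(SITES, shared=mode)
        hit = exposed_tunnels(cfg, "gw-c")
        print(f"shared={mode}: {tunnel_count(cfg)} tunnels, "
              f"{len(hit)} exposed if gw-c's config leaks")
```

For n devices the server tracks n(n-1)/2 keys while each device stores n-1, and with per-tunnel keys a leaked device config exposes only the tunnels that terminate on that device.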


