
Re: Please kill preshared key.





On Thu, 6 Dec 2001, david chen wrote:

> Agree,
>
> IKE is for 'key exchange'.
> There is *no* need to change keys in pre-shared key mode.
>
> In the pre-shared key model, the two devices can just go directly to phase 2
> of IPSec.

Ummm, no.  That's not how preshared keys work in IKEv1, and I don't think
anyone is advocating such a feature for SOI/JFK/Whatever.  Instead, with
PSKs in IKEv1, devices authenticate each other by knowledge of the PSK --
without the PSK, a device is unable to compute the SKEYID, and thus will
be unable to complete the final part of the IKE transaction.  This means
that knowledge of the PSK does not allow an attacker to decrypt a
transcript of an IKE session authenticated via that PSK (unless he can
solve the DH problem as well).

>
> --- David
>
>
>
>
> ----- Original Message -----
> From: "Bill Sommerfeld" <sommerfeld@east.sun.com>
> To: <ipsec@lists.tislabs.com>
> Sent: Thursday, December 06, 2001 1:47 PM
> Subject: Please kill preshared key.
>
>
> > Since there are people arguing to save preshared key, I just wanted to
> > reemphasize that:
> >
> >  0) it adds cryptographic complexity -- you essentially need a
> > different cryptographic protocol for PSK vs. signature keys.  Let's
> > spend the cycles of our cryptographers on more important stuff than
> > this.
> >
> >  1) it adds YET ONE MORE OPTION you need to test, one more knob you
> > can misconfigure.. more time for customers spent fumbling around
> > trying to figure out how to configure systems.
> >
> >  2) equivalent functionality can be found in preconfigured public keys
> > and/or self-signed certificates.
> >
> > There's no need for it, it adds complexity.  Kill it.
> >
> > - Bill
> >
>
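
The IKEv1 pre-shared key derivation the reply above refers to, as an added example that is not part of the original message: it follows the RFC 2409 key derivation and shows that SKEYID depends on the PSK while SKEYID_e also depends on the DH shared secret. Assumptions: HMAC-SHA1 as the prf, a toy DH group rather than an Oakley group, and constructed nonces, cookies, and payload bodies.

```python
import hashlib
import hmac

# Toy DH group constructed for this example; NOT one of the Oakley groups IKE uses.
P, G = 2**127 - 1, 3
P_LEN = (P.bit_length() + 7) // 8

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf, assumed here to be HMAC-SHA1 (the negotiated hash in HMAC mode)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_public(priv: int) -> bytes:
    return pow(G, priv, P).to_bytes(P_LEN, "big")

def dh_shared(priv: int, peer_pub: bytes) -> bytes:
    return pow(int.from_bytes(peer_pub, "big"), priv, P).to_bytes(P_LEN, "big")

def derive_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 derivation for pre-shared key authentication."""
    skeyid = prf(psk, ni + nr)                         # needs the PSK
    tail = g_xy + cky_i + cky_r                        # needs the DH shared secret
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # keys IKE message encryption
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    """HASH_I, the initiator's proof that it could compute SKEYID."""
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)

# Constructed sample values (not from a real exchange).
PSK = b"constructed-example-psk"
NI, NR = bytes(range(16)), bytes(range(16, 32))
CKY_I, CKY_R = b"I" * 8, b"R" * 8
X, Y = 0x1234567890ABCDEF, 0x0FEDCBA987654321
SAI_B, IDII_B = b"constructed-SA-body", b"constructed-ID-body"

def demo():
    gx, gy = dh_public(X), dh_public(Y)
    init = derive_keys(PSK, NI, NR, dh_shared(X, gy), CKY_I, CKY_R)
    resp = derive_keys(PSK, NI, NR, dh_shared(Y, gx), CKY_I, CKY_R)
    # Peer that completed DH but holds a different PSK: its HASH_I will not verify.
    no_psk = derive_keys(b"some-other-psk", NI, NR, dh_shared(X, gy), CKY_I, CKY_R)
    # Party that holds the PSK but not g^xy (zero-filled stand-in): SKEYID_e differs.
    no_dh = derive_keys(PSK, NI, NR, bytes(P_LEN), CKY_I, CKY_R)
    proof = lambda k: hash_i(k["SKEYID"], gx, gy, CKY_I, CKY_R, SAI_B, IDII_B)
    return init, resp, no_psk, no_dh, proof(init), proof(resp), proof(no_psk)
```
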


