[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Please save the pre-shared key mode

To: Alister Yap <alister@colt.net>
Subject: RE: Please save the pre-shared key mode
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Thu, 6 Dec 2001 15:34:47 -0800 (PST)
cc: Sara Bitan <sarab@cs.Technion.AC.IL>, "Wang, Cliff" <CWang@smartpipes.com>, ipsec@lists.tislabs.com, Alex Alten <Alten@netvista.net>
In-Reply-To: <AAEFLEIBEBHEDGFBDNKIKEKCCNAA.alister@colt.net>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 6 Dec 2001, Alister Yap wrote:

> And I fourth that! :-)
> 
> PSK should be option for now and the future. For now, the obvious reason is
> interoperability between IPsec and PKI devices. PKI, at the moment, is still
> too immature a technology. For example, We have found that the
> implementation of certain standards vary between PKI vendors, IPsec CPE
> devices and Directory (CRL) infrastructure even though it is supposed to be
> based on 1 standard!
> 
> Through much struggle, we have almost got a PKI system issuing certs and
> CRLs to our IPsec devices. On the other hand, PSK was very simple to use. It
> took us almost 6 months, numerous support cases and many sleepless nights to
> get our PKI working with our IPsec devices! In that sense, PSK should be an
> option for companies looking to go to market quickly and with as little
> hassle as possible [with the understanding that it is much less secure].
> 
> Till PKI fully interworks with IPsec devices, only then should we decide
> whether to drop PSK or not.
> 
There are multiple ways of rolling out a pki, PKI, or PKi (yes, they are all
different ;). They don't have to be PKIX-complex (is that a superset of
NP-complete?). You can do it MUCH simpler, and still secure, and not need
pre-shared symmetric keys. Use a pre-shared self-signed certificate, or
pre-share the md5-signature of the key, and send it SSH style.

There's simply no reason to have pre-shared symmetric keys.

jan


> Henry Spencer mentioned a non PKI mode. I don't see what benefit that it or
> how much more secure that is compared with PSK. Could anyone elaborate on
> that please?
> 
> Alister
> 
> > -----Original Message-----
> > From: owner-ipsec@lists.tislabs.com
> > [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Sara Bitan
> > Sent: 06 December 2001 08:48
> > To: Wang, Cliff; ipsec@lists.tislabs.com; Alex Alten
> > Subject: Re: Please save the pre-shared key mode
> >
> >
> > Well I guess I am the 3rd...
> > - Pre shared keys don't necessarily mean manual installation. Kerberos
> > creates a symmetric shared key between two principals, that can
> > be used as a
> > pre-shared key. There is a whole family of challenge response
> > protocols that
> > supply the parties with a symmetric key that can be used a pre-shared IKE
> > authentication key (.e.g. 3GPP AKA protocol).
> > - There are many market segments that don't want to use public key
> > cryptography for pure efficiency reasons. Are we going to tell
> > these guys :
> > "give up efficiency because PK cryptography is more secure", or are we
> > simply going to say to them "Don't use IKE and IPSec" ?
> > - We've been in this game before. We said "we will not support legacy
> > authentication because it is insecure". Well, the market thought us a
> > lesson, and look where we are today... I don't think we want to
> > see us three
> > years ahead in time with new WGs struggling to integrate pre-shared keys
> > authentication into a framework that wasn't meant to support it.
> > - Integration of pre-shared keys authentication into IKEv2 and
> > IKE-SIGMA is
> > simple. I not that an expert to say if this can be done in JFK,
> > but I think
> > that the new version of IKE must support pre-shared keys authentication.
> >
> >  Sara.
> >
> > ----- Original Message -----
> > From: Alex Alten <Alten@netvista.net>
> > To: Wang, Cliff <CWang@smartpipes.com>; <ipsec@lists.tislabs.com>
> > Sent: Thursday, December 06, 2001 5:20 AM
> > Subject: Re: Please save the pre-shared key mode
> >
> >
> > >
> > > I *strongly* 2nd this motion.  It would be extremely foolish
> > > to eliminate PSK support.  Foolish in this case translates into
> > > lots of extra expensive hardware, etc., for our poor customers.
> > >
> > > Of course software can handle the complexity of key distribution,
> > > thus eliminating the supposed advantage of PK v.s. PSK.
> > >
> > > Cliff, you need to understand the reason why PK is so popular
> > > with the IP crowd here.  Basically most of the older, influencial
> > > developers/architects are very pro-privacy. They grew up in the 60's
> > > and 70's during the height of the US Vietnam anti-war protests.
> > > PK really fits into their group-think philosphy of distrusting the
> > > government or whatever (dispite the fact that in the US, Europe and
> > > Japan most governments are very representative of the people).
> > >
> > > Unfortunately for them, in the real world, IP routing layer
> > > infrastructure is owned by corporate or governmental organizations,
> > > not by individuals.  Therefore privacy is being granted by the
> > > organization to the individual in order to use and access network
> > > resources owned by that organization.  PK does *not* fit this model
> > > very well.  After all why does an individual need generate a private
> > > key to access an organization's computers?  Might as well just hand
> > > him the private key, therefore PSK works just as well.
> > >
> > > The pity is that this heavy bias toward PK then blinds these guys
> > > and gals to the real problems with PK, primarily that it is **dog
> > > slow**, and tends to expand things (to the modulus size) thus making
> > > it a pain-in-the-ass to stick into a protocol (especially one that
> > > has to go over a slow, noisy wireless link).  Basically PK is
> > > the crypto world's equivalent of the networking world's ASN.1.
> > > It will be with us always whether we like it or not. Ugh.
> > >
> > > BTW, AtHome made it very clear to me recently that I (or my ISP ATT/TCI)
> > > had absolutely no rights to their network computers (like my email inbox
> > > on one of their servers).  A rather clear demonstration of the fact
> > > that my network access is a privilege granted by an organization (in
> > > exchange for money in this case), not a right.  Therefore using PK for
> > > it's secret private key advantage is rather useless.  AtHome would
> > > have cared less if I used PK or PSK with a VPN to access their email
> > > server.
> > >
> > > - Alex
> > >
> > >
> > >
> > >
> > > At 08:27 PM 12/5/2001 -0000, Wang, Cliff wrote:
> > > >
> > > >
> > > > I have noticed that pre-shared key has been eliminated in the
> > > > new key management protocol drafts. I understand the urge to
> > > > simplify the existing IKE protocol. However, I do think that
> > > > pre-shared key mode should be left as an option. There are a
> > > > couple of reasons for that suggestion:
> > > >
> > > > 1) Simplicity
> > > > Pre-shared key mode is simpler to support by eliminating the
> > > > requirement of supporting complex PKI. Without the pre-shared
> > > > key mode, are we forcing ourselves into using PKI system
> > > > (assuming we are not using KINK)? If so, I would like to suggest
> > > > that the new IKE replacement draft authors add the PSK options.
> > > > There are many existing deployment of PSK based IPsec VPN and
> > > > service providers are happy to keep the way it is without using
> > > > PKI.
> > > >
> > > > 2) Cost
> > > > Running PKI requires additional resources and increase the overall
> > > > cost of VPN deployment for managed service providers, while end
> > > > customer sees no increased benefits. If a customer out-sources his
> > > > VPN and he only cares about site-to-site secure connection, he is
> > > > probably not willing to choose a more costly PKI based solution.
> > > >
> > > > 3) Scalability
> > > > Although PKI does provide a much better scalability in key delivery,
> > > > for a managed VPN where each device has a secure channel to the
> > > > managing server, this advantage is less important. PSK can be
> > generated
> > > > and provisioned to each box via the management channel to the device
> > > > easily for a managed VPN, along with other IPsec tunnel parameter
> > > > settings. Under such a centralized managed VPN, PSK based solution has
> > > > a good scalability.
> > > >
> > > > We have implementations and operational experience that show that an
> > > > automated VPN management tool has no scalability difficulties managing
> > > > PSK for each tunnel.  Therefore we believe that PSK is a viable choice
> > > > for VPN implementations and that PSK mode should be saved.
> > >
> > > --
> > >
> > > Alex Alten
> > > Alten@Home.Com
> > >
> >
> >
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

Follow-Ups:

Re: Please save the pre-shared key mode

From: Ricky Charlet <rcharlet@redcreek.com>

References:

RE: Please save the pre-shared key mode

From: "Alister Yap" <alister@colt.net>

Prev by Date: Re: Please kill preshared key.
Next by Date: RE: Please save the pre-shared key mode
Prev by thread: RE: Please kill preshared key.
Next by thread: Re: Please save the pre-shared key mode
Index(es):
- Main
- Thread