
RE: Please kill preshared key.





-----Original Message-----
From: david chen [mailto:ietf_davidchen@hotmail.com] 
Sent: Thursday, December 06, 2001 7:07 PM
To: Scott Fluhrer
Cc: sommerfeld@east.sun.com; ipsec@lists.tislabs.com
Subject: Re: Please kill preshared key.


>Well,
>The pre-shared key model uses 'out-of-band' secured channel to exchange
>asymmetric or symmetric keys. (so is self-signed cert :-)
>
>In this model, exchange phase2's symmetric key through 'out-of-band'
>secured channel is possible. It is very effective for a small realm.
>(but can not reach out other realm, therefore not scalable).

I am really confused here. Are we talking about IKE or something else?  All
the discussions here are about IKE phase 1 authentication mode. The phase 2
keys are derived from the D-H exchange. Why does the phase 2 key need to be
exchanged "out of band"???


----- Original Message -----
From: "Scott Fluhrer" <sfluhrer@cisco.com>
To: "david chen" <ietf_davidchen@hotmail.com>
Cc: <sommerfeld@east.sun.com>; <ipsec@lists.tislabs.com>
Sent: Thursday, December 06, 2001 6:31 PM
Subject: Re: Please kill preshared key.


>
>
> On Thu, 6 Dec 2001, david chen wrote:
>
> > Agree,
> >
> > IKE is for 'key exchange'.
> > There is *no* need to change keys in pre-shared key mode.
> >
> > In the pre-shared key model, the two devices can just go directly to
> > phase 2 of IPSec.
>
> Ummm, no.  That's not how preshared keys work in IKEv1, and I don't 
> think anyone is advocating such a feature for SOI/JFK/Whatever.  
> Instead, with PSKs in IKEv1, devices authenticate each other by 
> knowledge of the PSK -- without the PSK, a device is unable to compute 
> the SKEYID, and thus will be unable to complete the final part of the 
> IKE transaction.  This means that knowledge of the PSK does not allow 
> an attacker to decrypt a transcript of an IKE session authenticated 
> via that PSK (unless he can solve the DH problem as well).
>
> >
> > --- David
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "Bill Sommerfeld" <sommerfeld@east.sun.com>
> > To: <ipsec@lists.tislabs.com>
> > Sent: Thursday, December 06, 2001 1:47 PM
> > Subject: Please kill preshared key.
> >
> >
> > > Since there are people arguing to save preshared key, I just 
> > > wanted to reemphasize that:
> > >
> > >  0) it adds cryptographic complexity -- you essentially need a 
> > > different cryptographic protocol for PSK vs. signature keys.  
> > > Let's spend the cycles of our cryptographers on more important 
> > > stuff than this.
> > >
> > >  1) it adds YET ONE MORE OPTION you need to test, one more knob 
> > > you can misconfigure.. more time for customers spent fumbling 
> > > around trying to figure out how to configure systems.
> > >
> > >  2) equivalent functionality can be found in preconfigured public 
> > > keys and/or self-signed certificates.
> > >
> > > There's no need for it, it adds complexity.  Kill it.
> > >
> > > - Bill
> > >
> >
>
>
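
Added example (not part of any message in this thread): a sketch of the IKEv1 pre-shared-key derivation Scott Fluhrer describes, using the RFC 2409 formulas for SKEYID, SKEYID_d/_a/_e and HASH_I. It assumes HMAC-SHA1 as the prf and a toy Diffie-Hellman group; the function names and all nonces, cookies, payloads and private values are constructed for illustration.

```python
import hashlib
import hmac

P, G = 2**127 - 1, 3   # toy DH group for illustration only, not a real IKE group

def prf(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()   # assumption: prf = HMAC-SHA1

def enc(n):
    return n.to_bytes(16, "big")

def skeyid_psk(psk, ni, nr):
    return prf(psk, ni + nr)                 # SKEYID = prf(pre-shared-key, Ni_b | Nr_b)

def skeyid_e(skeyid, g_xy, cky_i, cky_r):
    tail = g_xy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")          # SKEYID_d
    a = prf(skeyid, d + tail + b"\x01")      # SKEYID_a
    return prf(skeyid, a + tail + b"\x02")   # SKEYID_e: needs g^xy as well as the PSK

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)

def exchange(psk_i, psk_r):
    """Run both sides with constructed values; psk_i / psk_r are each side's configured PSK."""
    xi, xr = 0x1234567890ABCDEF, 0x0FEDCBA987654321    # constructed DH private values
    ni, nr = b"\x11" * 16, b"\x22" * 16                # constructed nonces
    cky_i, cky_r = b"\xaa" * 8, b"\xbb" * 8            # constructed cookies
    sai_b, idii_b = b"constructed-SA", b"constructed-ID"
    g_xi, g_xr = pow(G, xi, P), pow(G, xr, P)          # public values, sent in the clear
    pub = (enc(g_xi), enc(g_xr), cky_i, cky_r)
    # Initiator: own PSK, own private value, peer's public value
    sk_i = skeyid_psk(psk_i, ni, nr)
    key_i = skeyid_e(sk_i, enc(pow(g_xr, xi, P)), cky_i, cky_r)
    sent = hash_i(sk_i, *pub, sai_b, idii_b)
    # Responder: recomputes everything from its own PSK and checks HASH_I
    sk_r = skeyid_psk(psk_r, ni, nr)
    key_r = skeyid_e(sk_r, enc(pow(g_xi, xr, P)), cky_i, cky_r)
    ok = hmac.compare_digest(sent, hash_i(sk_r, *pub, sai_b, idii_b))
    return {"authenticated": ok, "key_i": key_i, "key_r": key_r,
            "skeyid": sk_i, "nonces": (ni, nr)}

if __name__ == "__main__":
    good, bad = exchange(b"shared", b"shared"), exchange(b"shared", b"typo")
    print(good["authenticated"], good["key_i"] == good["key_r"])
    print(bad["authenticated"], bad["key_i"] == bad["key_r"])
```

With mismatched PSKs the responder's HASH_I check fails; with matching PSKs both sides hold the same SKEYID_e, which depends on g^xy and not only on the PSK and the cleartext nonces.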