[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please kill preshared key.



What I infered is that
the pre-shared symmetric key can be used for both authentication and
encryption
without key-exchange (KE) since this key is exchnaged through
'out-of-band' secured channel and is *intended* for the two devices only.

As for authentication purpose,
I see the RSA asymmetric key is more
appropriate than symmetric in two reason as we have discussed:
1)  scalable (public key sharable among the realms)
2) the key is binded to device, not link

Since this thread is 'kill preshared key', I would only agree take out
pre-shared symmetric key but not pre-shared asymmetric key,
such as self-signed cert.

--- David


----- Original Message -----
From: "Wang, Cliff" <CWang@smartpipes.com>
To: "'david chen'" <ietf_davidchen@hotmail.com>; <ipsec@lists.tislabs.com>
Sent: Thursday, December 06, 2001 11:00 PM
Subject: RE: Please kill preshared key.


>
> IKE is for "key exchange" and derives the key for IPsec SA.
>
> Pre-shared key is for authentication in IKE SA.
>
> I think you have confused Phase 1 pre-shared key authentication with a
> pre-shared key IPsec SA (static key IPsec SA) which doesn't need key
> management. :(.
>
> -----Original Message-----
> From: david chen [mailto:ietf_davidchen@hotmail.com]
> Sent: Thursday, December 06, 2001 5:30 PM
> To: sommerfeld@east.sun.com; ipsec@lists.tislabs.com
> Subject: Re: Please kill preshared key.
>
>
> Agree,
>
> IKE is for 'key exchange'.
> It is *no* needs to change keys in pre-shared key mode.
>
> In the pre-share key model, the two devices can just go directly to phase
2
> of IPSec.
>
> --- David
>
>
>
>
> ----- Original Message -----
> From: "Bill Sommerfeld" <sommerfeld@east.sun.com>
> To: <ipsec@lists.tislabs.com>
> Sent: Thursday, December 06, 2001 1:47 PM
> Subject: Please kill preshared key.
>
>
> > Since there are people arguing to save preshared key, I just wanted to
> > reemphasize that:
> >
> >  0) it adds cryptographic complexity -- you essentially need a
> > different cryptographic protocol for PSK vs. signature keys.  Let's
> > spend the cycles of our cryptographers on more important stuff than
> > this.
> >
> >  1) it adds YET ONE MORE OPTION you need to test, one more knob you
> > can misconfigure.. more time for customers spent fumbling around
> > trying to figure out how to configure systems.
> >
> >  2) equivalent functionality can be found in preconfigured public keys
> > and/or self-signed certificates.
> >
> > There's no need for it, it adds complexity.  Kill it.
> >
> > - Bill
> >
>


Follow-Ups: References: