
RE: Son-of-IKE Selection Criteria?



First let us be clear about the different types of dynamic address. In
practice very few addresses are genuinely 'dynamic'.

Second, in this I will talk about 'certificates' since they are what the
group are familiar with. But remember that this is simply a shorthand for
'binding of data to a private key' and there might be a scheme such as XKMS
supporting the use.

1) The Address is actually static but is dynamically reallocated for
operational reasons.
	E.G. most cable modem addresses which rarely change (unless excite
goes bankrupt that week).

	Can issue a certificate bound to the IP address

	If the IP address changes, revoke & reissue (note, probably want to
use XKMS rather than CRLs!)

2) The Address is dynamic being allocated each time from a fixed pool.
	E.G. dial up access

Here we have a number of approaches,

A) Generate a key / cert for each address in the pool.
	When the initiator attempts to connect to the responder with the
client credential, the request is intercepted at the POP. The POP first
performs a key agreement using the key bound to the IP address, then once
the tunnel is created forwards the client request through the tunnel.

B) Use disposable key / cert pairs.
	The initiator applies for a pool of key/cert pairs which are cached.
These are discarded after a single use. The disposable key/cert pair may not
even be certified by a trusted third party, it may be self signed.

C) Issue a certificate that has a wildcard in it
	E.G. 18.23.1.* (think binary mask)


While the cost of such systems may appear high, the concealment of identity
is inherently an expensive process IF DONE WELL. If the concealment is poor
then better not to bother at all.

	Phill


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Derek Atkins [mailto:warlord@MIT.EDU]
> Sent: Wednesday, December 05, 2001 3:33 PM
> To: Hallam-Baker, Phillip
> Cc: 'Walker, Jesse'; ipsec@lists.tislabs.com
> Subject: Re: Son-of-IKE Selection Criteria?
> 
> 
> Phill,
> 
> "Hallam-Baker, Phillip" <pbaker@verisign.com> writes:
> 
> > 1. Issue every device an IP identity credential bound to 
> its IP address.
> > 	This is the ONLY form of identity that can provably prevent any 
> > 	additional disclosure of identity in an IP environment 
> since your
> > 	IP address is known in any case.
> > 
> > 2. Perform two sequential key agreements,
> > 	first an IP address based agreement
> > 	second an identity based agreement encrypted under the 
> key of (1).
> > 
> 
> How would you cope with machines with dynamic IP address?
> 
> -derek
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> 

Phillip
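As an added illustration (not code from the thread or from VeriSign), the following Python shows how a responder could check whether an observed address falls under the wildcard or binary-mask constraint of approach C above, and which credentials in a pool cover a given address. The wildcard syntax ('18.23.1.*' meaning 18.23.1.0/24, or an explicit CIDR mask) and the helper names are assumptions.

```python
import ipaddress


def wildcard_to_network(pattern: str) -> ipaddress.IPv4Network:
    """Turn a certificate-style constraint into the IPv4 network it denotes.

    '18.23.1.*' -> 18.23.1.0/24 (each trailing '*' octet adds 8 mask bits).
    A CIDR string such as '18.23.1.0/26' is accepted as-is, because the mask
    need not fall on an octet boundary ("think binary mask").
    """
    if "/" in pattern:
        # strict=True rejects host bits set under the mask, e.g. 18.23.1.5/24
        return ipaddress.IPv4Network(pattern, strict=True)
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad wildcard pattern: {pattern!r}")
    fixed, star_seen = [], False
    for octet in octets:
        if octet == "*":
            star_seen = True
            fixed.append("0")
        elif star_seen:
            # '18.*.1.*' is not a prefix mask and cannot be expressed as one
            raise ValueError(f"literal octet after '*' in {pattern!r}")
        else:
            fixed.append(str(int(octet)))  # IPv4Network rejects values > 255
    prefix_len = 8 * (4 - octets.count("*"))
    return ipaddress.IPv4Network(f"{'.'.join(fixed)}/{prefix_len}", strict=True)


def address_covered(pattern: str, address: str) -> bool:
    """True if the credential constraint covers the observed source address."""
    return ipaddress.IPv4Address(address) in wildcard_to_network(pattern)


def credentials_for(address: str, pool) -> list:
    """pool: iterable of (credential_id, pattern). Returns the ids whose
    constraint covers the address, most specific (longest mask) first."""
    addr = ipaddress.IPv4Address(address)
    hits = [(cid, wildcard_to_network(p)) for cid, p in pool]
    hits = [(cid, net) for cid, net in hits if addr in net]
    hits.sort(key=lambda t: t[1].prefixlen, reverse=True)
    return [cid for cid, _ in hits]


if __name__ == "__main__":
    # constructed sample pool of credentials, each bound to an address range
    pool = [("site", "18.23.*.*"), ("subnet", "18.23.1.*"), ("lab", "18.23.1.0/26")]
    print(credentials_for("18.23.1.9", pool))  # ['lab', 'subnet', 'site']
```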

