[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Son-of-IKE Selection Criteria?

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: Re: Son-of-IKE Selection Criteria?
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Fri, 07 Dec 2001 15:13:32 -0500
Cc: "'Derek Atkins'" <warlord@mit.edu>, "'Walker, Jesse'" <jesse.walker@intel.com>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

The real problem here is that it puts the local operator -- the ISP, 
the hotel, the conference LAN organizers -- in the critical path.  If 
one needs an address-based certificate, one can't do *anything* without 
local operator co-operation.  Apart from the fact that that doesn't 
scale very well -- between last Tuesday and next Friday, I'll have been 
in four different cities, have used or will use at least four different
LANs (two of which used borrowed jacks and/or IP addresses), etc., and 
I'd have used more if airports and train stations (and, for that 
matter, airplanes and trains) had 802.11 or Ethernet available.  Why 
should I need to go through that many ISPs instead of having a 
certificate (public key, actually) issued by my employer for VPN access?

In message <2F3EC696EAEED311BB2D009027C3F4F4058698B5@vhqpostal.verisign.com>, "
Hallam-Baker, Phillip" writes:

>
>First let us be clear about the different types of dynamic address. In
>practice very few addresses are genuinely 'dynamic'.
>
>Second, in this I will talk about 'certificates' since they are what the
>group are familliar with. But remember that this is simply a shorthand for
>'binding of data to a private key' and there might be a scheme such as XKMS
>supporting the use.
>
>1) The Address is actually static but is dynamically reallocated for
>operational reasons.
>	E.G. most cable modem addresses which rarely change (unless excite
>goes bankrupt that week).
>
>	Can issue a certificate bound to the IP address
>
>	If the IP address changes, revoke & reissue (note, probably want to
>use XKMS rather than CRLs!)
>
>2) The Address is dynamic being allocated each time from a fixed pool.
>	E.G. dial up access
>
>Here we have a number of approaches,
>
>A) Generate a key / cert for each address in the pool.
>	When the initiator attempts to connect to the responder with the
>client credential, the request is intercepted at the POP. The POP first
>performs a key agreement using the key bound to the IP address, then once
>the tunnel is created forwards the client request through the tunnel.
>
>B) Use disposable key / cert pairs.
>	The initiator applies for a pool of key/cert pairs which are cached.
>These are discarded after a single use. The disposable key/cert pair may not
>even be certified by a trusted third party, it may be self signed.
>
>C) Issue a certificate that has a wild card in it
>	E.G. 18.23.1.* (think binary mask)
>
>
>While the cost of such systems may appear high the concealment of identity
>is inherently an expensive process IF DONE WELL. If the concealment is poor
>then better not to bother at all.

Follow-Ups:

Re: Son-of-IKE Selection Criteria?

From: Michael Thomas <mat@cisco.com>

Prev by Date: RE: Please save the pre-shared key mode
Next by Date: RE: Please save the pre-shared key mode
Prev by thread: Re: Son-of-IKE Selection Criteria?
Next by thread: Re: Son-of-IKE Selection Criteria?
Index(es):
- Main
- Thread