[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please kill preshared key.

To: david chen <ietf_davidchen@hotmail.com>
Subject: Re: Please kill preshared key.
From: Henry Spencer <henry@spsystems.net>
Date: Sat, 8 Dec 2001 23:39:57 -0500 (EST)
cc: ipsec@lists.tislabs.com
In-Reply-To: <OE74ZodTWaSOiz8JDx20001854b@hotmail.com>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 7 Dec 2001, david chen wrote:
> > > What I infered is that
> > > the pre-shared symmetric key can be used for both authentication and
> > > encryption without key-exchange (KE) ...
> > Your inference is incorrect.  That is not how today's IPSec PSK works.
>
> Agree,..
> However, do you agree my statement make sense?

Only if the preshared key is fairly high quality, which it often isn't.
Using a poor key only for gateway authentication exposes you to
impersonation attacks, but those are typically much more difficult to
mount than eavesdropping attacks, which are the dominant failure mode with
a poor encryption key. 

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: Please kill preshared key.

From: "david chen" <ietf_davidchen@hotmail.com>

References:

Re: Please kill preshared key.

From: "david chen" <ietf_davidchen@hotmail.com>

Prev by Date: RE: Please save the pre-shared key mode
Next by Date: Re: Son-of-IKE Selection Criteria?
Prev by thread: Re: Please kill preshared key.
Next by thread: Re: Please kill preshared key.
Index(es):
- Main
- Thread