
RE: Please save the pre-shared key mode
On Fri, 7 Dec 2001, Paul Koning wrote:
> [IKE replacement vs new protocol]
> If the latter, then the requirements set is open.  But if the former,
> then the new protocol MUST include among its requirements all the
> features of the earlier protocol that are important.  It is clear from
> looking at customer installations that pre-shared key is a critical
> feature of IKE.

No, it is clear from looking at customer installations that *some* form
of easy-to-set-up self-contained authentication which does not rely on
elaborate infrastructure is a critical feature.  That is the strongest
conclusion which can be drawn from the evidence.

Whether that form has to be "pre-shared key" (better called "shared
secret") is *not* clear.  Most IKE implementations offer no self-contained
alternative, so it is not possible to tell whether the requirement is for
"pre-shared key" or just for *some sort* of self-contained authentication.

The FreeS/WAN experience with preshared public keys suggests that most any
form of simple standardized self-contained authentication would suffice,
e.g. preshared public keys or self-signed certificates. 

> ...If the goal is
> to improve matters for implementers and customers, the goal should be
> to create a new protocol which is indeed a viable replacement for the
> previous protocol, fully entitled to the name "IKE V2" because it
> incorporates the capabilities for which there is a proven need while
> cleaning up in other areas.

Quite so.  But we must be careful to identify those capabilities in the
form of *requirements*, rather than jumping to conclusions about how those
requirements are to be met.  A requirement for a simple self-contained
authentication method does not imply a requirement for "pre-shared key". 

                                                          Henry Spencer
                                                       henry@spsystems.net
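To make concrete the distinction the message draws between a "pre-shared key" (a shared secret) and a preshared public key, here is an added example that is not part of the original thread and is not FreeS/WAN's or any IKE implementation's code. It is a simplified model in Go: two gateways authenticate a constructed transcript of an exchange, once with a shared secret and an HMAC, once with a pre-distributed Ed25519 public key and a signature. The transcript contents, the secret and key sizes, the peer names, and the use of Ed25519 in place of the RSA keys FreeS/WAN distributed are all assumptions for illustration; real IKE derives its authentication keys and hashes differently, and this block does not reproduce that.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample standing in for the material both IKE peers have already
// exchanged (DH public values, nonces, identities). Not a real IKE payload.
var sampleTranscript = []byte("g^xi|g^xr|Ni|Nr|ID_gateway_a|ID_gateway_b (constructed)")

// Form 1: pre-shared key, i.e. a shared secret. Each peer proves knowledge of
// the same secret with a MAC over the transcript. Because both sides hold the
// identical secret, either side can produce the other's proof.
func pskProof(secret, transcript []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(transcript)
	return m.Sum(nil)
}

func pskVerify(secret, transcript, proof []byte) bool {
	return hmac.Equal(pskProof(secret, transcript), proof)
}

// Form 2: preshared public key. Each peer keeps its own private key and hands
// only the public half to its peers out of band (no CA, no certificate chain).
// It proves its identity by signing the transcript; the peer verifies with the
// pre-distributed public key and learns nothing that lets it impersonate.
type Peer struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewPeer(name string) (*Peer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Peer{Name: name, priv: priv, Pub: pub}, nil
}

func (p *Peer) Sign(transcript []byte) []byte {
	return ed25519.Sign(p.priv, transcript)
}

// PubkeyVerify is what a peer runs with the public key it was configured with
// ahead of time (assumed here to play the role FreeS/WAN's preshared RSA keys
// played, with Ed25519 standing in for RSA).
func PubkeyVerify(pub ed25519.PublicKey, transcript, sig []byte) bool {
	return ed25519.Verify(pub, transcript, sig)
}

// RunComparison walks both forms through one exchange and returns, in order:
// genuine PSK proof accepted, PSK proof made by the responder accepted,
// genuine public-key proof accepted, public-key proof made by the responder accepted.
func RunComparison() (pskOK, pskForged, pubOK, pubForged bool, err error) {
	// Shared secret: a random 32-byte value assumed to be configured on both gateways.
	secret := make([]byte, 32)
	if _, err = rand.Read(secret); err != nil {
		return
	}
	initProof := pskProof(secret, sampleTranscript)        // initiator's proof
	pskOK = pskVerify(secret, sampleTranscript, initProof) // responder checks it
	// The responder (or anyone who copied the secret) can make the very same proof,
	// so it could present itself as the initiator to any third gateway sharing the secret.
	forged := pskProof(secret, sampleTranscript)
	pskForged = pskVerify(secret, sampleTranscript, forged)

	a, err := NewPeer("gateway_a")
	if err != nil {
		return
	}
	b, err := NewPeer("gateway_b")
	if err != nil {
		return
	}
	sig := a.Sign(sampleTranscript)                    // a proves itself
	pubOK = PubkeyVerify(a.Pub, sampleTranscript, sig) // b checks with a's preshared public key
	// b holds only a.Pub; a signature b produces does not verify as coming from a.
	pubForged = PubkeyVerify(a.Pub, sampleTranscript, b.Sign(sampleTranscript))
	return
}

func main() {
	pskOK, pskForged, pubOK, pubForged, err := RunComparison()
	if err != nil {
		panic(err)
	}
	fmt.Printf("shared secret:        genuine=%v producedByPeer=%v\n", pskOK, pskForged)
	fmt.Printf("preshared public key: genuine=%v producedByPeer=%v\n", pubOK, pubForged)
}
```

Both forms need nothing beyond one value per peer distributed out of band, which is the "self-contained" property the message says the customer evidence actually supports; they differ in that the shared secret lets each holder produce the other side's proof, while the preshared public key does not. The second point is the reason the requirement is better stated as "simple self-contained authentication" than as "pre-shared key" in particular.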