[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RESEND: Thoughts on identity attacks

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: RESEND: Thoughts on identity attacks
From: "Scott G. Kelly" <skelly@SonicWALL.com>
Date: Tue, 05 Feb 2002 15:14:47 -0800
CC: ipsec@lists.tislabs.com
Organization: SonicWall
References: <200202050402.g1542U214434@marajade.sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com

A few comments interspersed below...

Michael Richardson wrote:
<trimmed...> 
>     VPNC> 3. Who needs identity protection
> 
>     VPNC> In key negotiations, the IP address of each IPsec system is always
>     VPNC> known to a passive or active attacker. The identities being
>     VPNC> protected by the key negotiation system are those in the
>     VPNC> certificates or identification payloads.
> 
>     VPNC> Typically, an IPsec system that is at the same IP address over a
>     VPNC> long period of time does not need identity protection because an
>     VPNC> attacker can use other means (such as traceroute and reverse DNS
>     VPNC> lookup) to determine its identity. Identity protection is most
>     VPNC> useful to users with dynamic IP addresses, usually users whose IP
>     VPNC> address is assigned by DHCP or by a variety of different ISPs.
> 
>   3) a system may have numerous identities.
> 
>      People have forgotten this in the windoz-road-warrior<->gateway
>      scenarios, but those of building ("real") systems that use IPsec in
>      routine process-process scenarios have a multitude of identities
>      (i.e. users, servers) that may cause negotiation to occur.

Precisely - an IKE implementation may use different identities for
different flows, and I don't think the fact not many fielded vpn
implementations currently support this should be used as proof that this
capability is not important.

<more trimmed...>

>   The protocols should permit some notion of "rekeying" for identities
> within the phase 1 SA. That is, I should be able to use this opaque (but
> trusted) identity to start things off, and then offer new identities
> afterwards. Whether one permits multiple concurrent identities (attaching
> them to individual phase 2 negotiations perhaps) or only a single identity at
> a time, is an engineering tradeoff that needs to be made.

I think I agree, but upon re-reading, I'm not sure that what I think I
understand is what you actually mean. I think the current IPsec spec has
hooks for this via the phase 2 ID payloads. That is, it is conceivable
that a given phase 1 identity is "authorized" to represent one or more
phase 2 identities (which may be presented in phase 2 ID payloads). Is
this the capability you are after, or are you referring to something
else?

Scott

Follow-Ups:
- Re: RESEND: Thoughts on identity attacks
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:
- Re: RESEND: Thoughts on identity attacks
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: Certificates from Verisign
Next by Date: Re: RESEND: Thoughts on identity attacks
Prev by thread: Re: RESEND: Thoughts on identity attacks
Next by thread: Re: RESEND: Thoughts on identity attacks
Index(es):
- Date
- Thread