[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [mobile-ip] Re: replacing IPsec's replay protection?

On Wednesday 03 April 2002 12:51, Michael Thomas wrote:
 >>   I don't think that "interoperability" is quite
 >   the right word here. A mobile node and home agent
 >   which run IPsec/IKE could be interoperable.
 >   However, in practice unless I am part of that
 >   domain, know the right authentication
 >   mechanisms, etc, we might not be able to
 >   mutually authenticate. 

Hmm, I see your point. But:

 >  This is a deployment
 >   issue, however, not an interoperability issue.

Not quite, because if one implementation chose KINK
and another - IKE, they won't be able to talk regardless.

 >   Use of IKE, SOI, KINK, manualkey, manualkey+
 >   are all deployment isses, IMO.

I disagree for the reason stated above. Where to get certs
may be a deployment issue. Whether certs are supported,
clearly is not just deployment...

 >   .....I think it's quite reasonable for MIP to say
 >   that something better than straight manual keys
 >   is needed, but specifying how it's accomplished
 >   shouldn't be a requirement any more than MIP
 >   shouldn't be saying that you must implement IKE
 >   with certs or IKE with pre-shared keys, or IKE
 >   with AAA hacks, or whatever.

Saying "must support IKE" implies a whole bunch, including
support for certs and pre-shared keys. If you happened to
implement IKE (as currently specified) without cert support,
you just produced a non-conformant code.


 > > 1. "Negotiate on paper" - i.e. define most if not all the
 > > attributes of=20 SA that should satisfy usage criteriae (including
 > > the crypto suite). 2. Select a simple key agreement protocol (any
 > > Bellare-Rogaway=20 derivative should do nicely) - such as
 > > *interlocked* CHAP or AKA. 3. Specify all of the above in a generic
 > > draft.
 >
 >   IMO, at the point you have to put a shared key
 >   into both boxes, you might as well put the rest
 >   of the information in there too. At the point
 >   you want to start negotiating stuff, you've
 >   already gone beyond "lightweight" IMHO :-)

1. You have to put something, period - be it a pre-shared key for IKE,  
or certs for IKE, or pre-shared key for something else. No way around 
it. Otherwise you won't be able to authenticate.

2. Negotiaton can be limited to auth and derivation of the key - sounds 
very light-weight to me.


 > > The above doesn't make sense, because you *have* to have something
 > > in NVRAM regardless. The question is - exactly what. And a
 > > simplified approach allows you to "memorize" less than IKE or
 > > JFK would require.
 >
 >   You don't need *per node* permanent memory for
 >   IKE/KINK/SOI. That's the difference.

And where would you store the secrets that IKE/KINK/SOI require, if not 
in per-node permanent memory?
-- 
Regards,
Uri
-=-=-<>-=-=-
<Disclaimer>