Re: SOI QUESTIONS: 2.1 Identity protection questions?

[Ari Huttunen <Ari.Huttunen@f-secure.com>]

> OK, that should kick off the discussion.  IPSEC wg, please answer the
> questions:
> 
> 2.1.A.)  Does SOI need to provide protection against passive
> attacks for the initiator?
> 
YES
> 2.1.B.)  Does SOI need to provide protection against active
> attacks for the initiator?
> 
YES
> 2.1.C.)  Does SOI need to provide protection against passive
> attacks for the responder?
> 
YES
> 2.1.D.)  Does SOI need to provide protection against active
> attacks for the responder?
NO

Note that this has implications for re-keying: the responder may
not be able to initiate re-keying if that implies re-authenticating.
I know some gateway vendors for some reason wish to do that.

Henry Spencer wrote:
> I'd prefer to see the initiator protected against active attacks, not just
> passive.  And I'd go along with the idea of allowing the responder to ask
> for an exchange of roles, preferably in the simplest way possible.

I'm a bit uneasy with this. Having this capability opens up a security risk,
either by someone forging this 'reversal' packet, or by some very popular server
turning that 'reversal' feature on. It also implies a user-interface option
for the client: allow/disallow 'reversal'. No user's going to understand
that option.

A better way to protect a responder's identity is to assign that responder
some pseudo-identity that's no use for the attacker. A pseudo-identity will
protect the identity against valid inititators also.

Ari


-- 

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com 

F(ully)-Secure products: Securing the Mobile Enterprise