[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI QUESTIONS: 2.1 Identity protection questions?
> OK, that should kick off the discussion. IPSEC wg, please answer the
> questions:
>
> 2.1.A.) Does SOI need to provide protection against passive
> attacks for the initiator?
>
YES
> 2.1.B.) Does SOI need to provide protection against active
> attacks for the initiator?
>
YES
> 2.1.C.) Does SOI need to provide protection against passive
> attacks for the responder?
>
YES
> 2.1.D.) Does SOI need to provide protection against active
> attacks for the responder?
NO
Note that this has implications for re-keying: the responder may
not be able to initiate re-keying if that implies re-authenticating.
I know some gateway vendors for some reason wish to do that.
Henry Spencer wrote:
> I'd prefer to see the initiator protected against active attacks, not just
> passive. And I'd go along with the idea of allowing the responder to ask
> for an exchange of roles, preferably in the simplest way possible.
I'm a bit uneasy with this. Having this capability opens up a security risk,
either by someone forging this 'reversal' packet, or by some very popular server
turning that 'reversal' feature on. It also implies a user-interface option
for the client: allow/disallow 'reversal'. No user's going to understand
that option.
A better way to protect a responder's identity is to assign that responder
some pseudo-identity that's no use for the attacker. A pseudo-identity will
protect the identity against valid inititators also.
Ari
--
Ari Huttunen phone: +358 9 2520 0700
Software Architect fax : +358 9 2520 5001
F-Secure Corporation http://www.F-Secure.com
F(ully)-Secure products: Securing the Mobile Enterprise