Re: Adding revised identities to IKEv2

[Paul Hoffman / VPNC <paul.hoffman@vpnc.org>]

At 2:43 PM -0500 11/12/02, Stephen Kent wrote:
>As many of you know, I try to avoid the T-word (trust) in almost all 
>security technology discussions. I'd like to suggest that it is 
>inappropriate in this discussion as well.  Let me explain:
>
>	- two IPsec peers do not necessarily trust one another. they 
>need to communicate securely, but that does not equate to trust in a 
>broader sense.  the access controls in IPsec permit each peer to 
>limit the part of the address space to which the other is granted 
>access, and to constrain the protocols that are employed.

Assume you have someone who doesn't let most people communicate with 
them in a particular way, but does let some people communicate with 
them in that particular way after verifying their identity. You are 
saying that that is not "trust"? If so, then we are splitting hairs. 
"I authorize you to do X" means that I trust my method of being sure 
that you are you, and that I trust you to do X correctly and safely.

>I suggest that we better document these notions, and offer as 
>examples, the sort of identification and authentication processes I 
>note above as we go forward with IKE v2.

It doesn't look like this any different than what we have in IKEv1 
today: it just looks like different nomenclature. Unless this would 
make IKEv2 more secure, or would make it easier for administrators to 
understand what it is they are doing, it doesn't seem like changing 
the nomenclature from IKEv1 would be a good idea.

--Paul Hoffman, Director
--VPN Consortium