
Re: How important is identity protection?



I have a lot of sympathy with your question, but the bottom
line is that it doesn't matter a lot, and it's more important
at this point to get the spec out quickly.

I was originally unconvinced that identity hiding mattered
at all, but it doesn't cost a lot to provide it.
And then I believed that hiding the initiator's identity
from an active attacker was more important than hiding the
responder's identity. As a matter of fact, we argued that point of view
in a paper a few years ago:

http://sec.femto.org/wetice-2001/papers/radia-paper.pdf

And the original JFK and SIGMA protocols also did that (had
the responder reveal and prove its identity first). So your
point of view is certainly reasonable, and was shared by
many people.

However, when writing IKEv2, we decided that there was
more of a problem with a "polling attack", where someone
could find out who was listening at a particular IP address just
by initiating a connection to it. The WG, when faced with
the two styles, seemed to have consensus around avoiding the
polling attack. The reasoning was
that IKE is a peer-to-peer protocol where either
side can initiate, and the polling attack is way easier (just
initiate a connection to an IP address) than impersonating the
responder's IP address and seeing who connects.
Based on these arguments and the perceived consensus of the
WG, JFK and SIGMA added handshakes to avoid the polling attack.

So at any rate, this issue has been considered.

I think it's far-fetched to come up with a scenario where
it would be horrible if
you could be tricked into revealing that you are attempting to
connect to someone. In a case like two freedom-fighters trying to
talk across the Internet, it would seem prudent to use an anonymizer
and an identity other than your name and address. In the case of
trying to buy porn on the Internet (the canonical example of
the client wanting to hide its identity :-)  ) one could easily
tell the police, once you realized Bob wasn't really Bob, that you'd merely
connected to the wrong IP address.

But as I said at the beginning, the alternatives just aren't important
enough or a clear-cut security advantage, to change now.

And by the way...I understand that with legacy authentication added,
there will be a possibility for Alice to demand that Bob say who
he is before she reveals who she is. This wouldn't lead to
a generalized polling attack, because this requires Bob to both
support legacy authentication and be willing to reveal his identity first.

Radia



	From: king wu <wmyking49@yahoo.com.cn>
	Subject: How important is identity protection?
	To: ipsec@lists.tislabs.com
	MIME-Version: 1.0
	Content-Transfer-Encoding: 8bit
	
	hi, all
	    In IKE, how important is identity protection?
	    In IKEv1, only the main mode with public key
	encryption can protect the identity of both sides from an
	active attacker. However, the modes are removed in
	IKEv2 and JFK. IKEv2 or JFKr can just protect the
	responder's identity from an active attacker.
	    In my opinion, we should protect an initiator's
	identity rather than a responder's, because a responder
	is usually stationary and its identity information can
	be found more easily.
	    However, the thing that puzzles me is whether an active
	attacker will attack a link more easily if he
	gets the identity information of one side or both. If
	the answer is yes, then why don't we try to protect the
	identities of both sides?
	    So, I have to ask, "how important is identity
	protection?"
	    please help,
	    thank you
	