Re: Secure legacy authentication for IKEv2



Hugo,

In EAP the identity request is optional, so if the server side somehow 
knows ahead of time the presumed identity of the peer (typical example 
is leased line), it could begin the EAP exchange with a challenge and 
complete in four.  I'd also guess for EAP using CHAP/MD5 that a clever 
implementation could begin with the challenge if you knew that you'd be 
picking up the identity (out-of-band w.r.t. EAP) before you'd have to 
process the EAP response and you had a rich enough EAP API to be able 
to associate an identity with a pending EAP request.  But that's a 
hack.  And for OTP and tokens, this optimization isn't possible because 
you need the username to look up the sequence or generate the 
challenge.  So in the general case, I don't see an obvious way to do 
this and preserve client identity protection.

Derrell

On Monday, December 23, 2002, at 04:26 PM, Hugo Krawczyk wrote:

> PS: Question: you say that the SLA exchange with EAP must have 6 
> messages
> at least. Aren't there EAP methods where the server (responder in SLA)
> sends its challenge already in the first EAP message? In this case the
> whole SLA exchange can be completed in 4 msgs rather than 6.