Re: Secure legacy authentication for IKEv2



At 12:12 PM 12/23/02 -0500, Stephen Kent wrote:
>We need to be able to make a statement about the security of the key material used for packet confidentiality and packet integrity irrespective of the peer authentication mechanism chosen. To do otherwise would unduly complicate the overall system. That's why the current separation is desirable.

That part of your reply seems reasonable.

I'll attempt to describe a simple change that cannot possibly degrade any
security analysis of the existing system, that can be used to provide
an added layer of security when using legacy credentials,
and that maintains the necessary cryptographic isolation.

-- David