[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Modefg considered harmful
Van Aken Dirk <Dirk.VanAken@thomson.net> writes:
> I can understand your argument in the sense that IKE is doing the
> authentication of the identity and that somehow we want to bind this
> identity to an inner IP address. But on the other hand for static
> configurations this binding is not performed. e.g. Assume two SGW's talking
In a static configuration this binding is done statically. For
example, you say in your policy: IKE-ID "alice" has address "1.2.3.4",
IKE-ID "bob" has addresses "2.3.4.16/28", and so on. When you are
statically configured, you still get this binding -- it's just
performed, well, statically...
> Why should the road warrior/dynamic IP case be more secure than the
> SGW/static case ?
It's not "more secure". I'm trying to make sure it is "as secure" as
a static configuration. Without this binding it is most certainly
"less secure", because you may be letting invalid traffic through.
> > Similarly, I see nothing wrong with ModeCfg just configuring the IP
> > Address, and then using DHCP to obtain all the other configuration
> > once the network is up. Indeed, modecfg could even provide the dhcp
> > address ;)
>
> I guess there is consensus on this point; great ! So at least let's make the
> DHCP server attribute in IKEModeCfg as a MUST implement otherwise people
> cannot rely on it.
That's perfectly fine with me.
-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com