[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Do ipsec vendors care about privacy?

To: "'Antonio Forzieri'" <antonio.forzieri@cefriel.it>, "'IPsec WG'" <ipsec@lists.tislabs.com>
Subject: RE: Do ipsec vendors care about privacy?
From: "Yoav Nir" <ynir@CheckPoint.com>
Date: Wed, 19 Mar 2003 14:34:45 +0200
Importance: Normal
In-Reply-To: <3E785738.5000609@cefriel.it>
Sender: owner-ipsec@lists.tislabs.com

That's way too many RTTs.  I think an extra RTT is a greater problem when
interacting with a human, because humans are more impatient than machines.
It has been generally accepted here that since we already know the
Initiator's ID at message 4, we can skip the EAP Identity and go directly to
the EAP challenge.

Even with Hugo's proposed change, we can send the challenge in message 4,
receive in message 5 both the IDi and the EAP response, and verify them
then.  That way we still have only 3 roundtrips altogether.

Yoav

-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Antonio Forzieri
Sent: Wednesday, March 19, 2003 1:41 PM
To: IPsec WG
Subject: Re: Do ipsec vendors care about privacy?


[SNIP]
I think that vendors *care* about privacy... Or at least they should. :-).

The solutions you proposed solves the problem of protecting the
iniziator ID from attive attck, however they let the responder ID opend
to passive attack.

> (1) Simply defer the sending of the user's identity IDi from message
> 3 to message 5 (that is, after message 4 in which the responder
authenticates
> itself).  The difficuty here is that the responder does not have IDi to
base
> its choice of EAP method in message 4. I do not know how much of a
practical
> problem this is (it was never pointed as such in the case of PIC in the
ipsra
> wg), but others will know better.
I think that this is the simplest solution of the two. Initiator, when
it is going to use "legacy autentication", does not have to send IDi to
the responder. This is not a difficulty for the responder (I think).
When Bob doesn't receive IDi and AUTH payload in message 3 will
understand that Alice is going to use a legacy authentication method,
and he send an EAP(Request, Identity) in message 4. Alice can send her
IDi in EAP(Response, Identity) in message 5. This change in IKEv2 will
make handshake 1RTT longer, however I think this isn't a great problem
when we are interactin with a human.


      Initiator(Alice)                   Responder(Bob)
       -----------                        -----------
        HDR, SAi1, KEi, Ni         -->

                                   <--    HDR, SAr1, KEr, Nr, [CERTREQ]

        HDR, SK {[CERTREQ,] [IDr,]
                 SAi2, TSi, TSr}   -->

                                   <--    HDR, SK {IDr, [CERT,] AUTH,
                                                 EAP(Request, Identity)}
        HDR, SK {EAP(Reply, IDi)}  -->

				  <--    HDR, SK{EAP}

        HDR, SK {EAP, [AUTH] }     -->

                                   <--    HDR, SK {EAP, [AUTH],
                                                   SAr2, TSi, TSr }

[snip]

Follow-Ups:
- Re: Do ipsec vendors care about privacy?
  - From: Antonio Forzieri <antonio.forzieri@cefriel.it>

References:
- Re: Do ipsec vendors care about privacy?
  - From: Antonio Forzieri <antonio.forzieri@cefriel.it>

Prev by Date: Re: Do ipsec vendors care about privacy?
Next by Date: Re: Do ipsec vendors care about privacy?
Prev by thread: Re: Do ipsec vendors care about privacy?
Next by thread: Re: Do ipsec vendors care about privacy?
Index(es):
- Date
- Thread