[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Do ipsec vendors care about privacy?
Yoav Nir wrote:
> That's way too many RTTs. I think an extra RTT is a greater problem when
> interacting with a human, because humans are more impatient than machines.
I disagree with you.
However if we can do it with less RTT, let's do with less RTT! :-)
If I've not misunderstood, Hugo's proposal should work like this (right?):
Initiator Responder
----------- -----------
HDR, SAi1, KEi, Ni -->
<-- HDR, SAr1, KEr, Nr, [CERTREQ]
HDR, SK {[CERTREQ,] [IDr,]
SAi2, TSi, TSr} -->
<-- HDR, SK {IDr, [CERT,] AUTH,
EAP }
HDR, SK {IDi, EAP, [AUTH]} -->
<-- HDR, SK {EAP, [AUTH],
SAr2, TSi, TSr }
This sounds fine for me. In such a scenario (legacy authentication) we
open IDr to passive attack, however I think that here we have to protect
Initiator Identity rather than IDr...
In the previous message I wrote something incorrect.
When we are using EAP we open IKEv2 to passive attack on IDr, but this
doesn't happen because of Hugo's proposals. Even in IKEv2-05 we have the
same problem.
If Eve uses a spoofed IDi and doesn't put AUTH payload in message 3 (she
wants to use legacy authentication,) she can mount a polling attack.
(because only in message 4 that she proves her Identity)
[SNIP]
> Yoav
--
------------------------------------------------
Antonio Forzieri
CEFRIEL - Politecnico di Milano
Tesista Area E-Service Tecnologies
Tel: 02-23954.334 - email: forzieri@cefriel.it
ICQ# 177683894
------------------------------------------------