
Re: RE2: Do ipsec vendors care about privacy?



Gregory,

Your previous email seemed to be talking about what I described as
solution (2), namely the responder authenticates in message 2 rather than
in msg 4. In that case the issue of how R knows that he needs to respond
with authentication in message 2 (rather than the regular IKE behaviour)
is a valid question. The only solution I can see for that is to add an
indication from the Initiator in message 1 (either an additional field in
the message or some other trick such as a convention about the value of SPI
chosen by I).

The email below, however, seems to be talking about solution (1) in
which the only difference with the current mechanism for EAP support in
ikev2-05 (sec 2.16) is moving IDi from msg 3 to msg 5.
In this case there is no problem for R to know that the initiator intends
to do an EAP authentication. As explained in page 27 of draft-05:
 "An initiator indicates a desire to use extended authentication by
   leaving out the AUTH payload from message 3."
The same will hold with the modified solution.

The question is: DOES THE RESPONDER (GATEWAY) NEED TO KNOW the value IDi 
IN ORDER TO DETERMINE THE CONTENTS OF THE EAP PAYLOAD SENT IN MESSAGE 4?

If the answer is NO (as assumed in the PIC protocol developed under the ipsra
WG) then solution (1) provides user's privacy at no extra cost and we should
certainly go with it for IKEv2.
If the answer is that R CANNOT know how to generate the EAP payload if it does
not know IDi then we can forget about solution (1).
If the answer is: usually R does NOT NEED to know IDi
(but in some special case it may need it) then I'd still go with solution (1).
In my view, user's privacy in the remote access scenario is more important than
covering some unusual cases.

IF for some reason solution (1) is deemed inappropriate then solution (2)
should be chosen, but then the real question is what indication can the
initiator provide to the responder for the latter to know that it needs to
authenticate (send IDr and AUTH) in message 2. Note that in this solution
the responder sends the EAP payload in message 4 AFTER having learned IDi
in message 3, so the above problem with solution (1) does not exist here.

Hugo

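To make the ordering argument in the two solutions concrete, here is an added message-flow model that is not part of the thread or of any IKEv2 draft. It encodes the three flows exactly as the thread describes them (draft-05 EAP flow with IDi in message 3, solution (1) with IDi moved to message 5, solution (2) with the responder authenticating in message 2) and checks two things for each: whether the gateway already holds IDi when it must build its first EAP payload, and which identity a passive eavesdropper or an unauthenticated active peer can learn. Payload names, the `EAP_INDICATION` field standing in for Hugo's "indication in message 1", the "encrypt once you hold the peer's KE" rule, and the simplified tail of each exchange are assumptions of this model.

```python
"""Message-flow model of the IKEv2/EAP variants discussed in the thread.

Constructed illustration (not draft text): payload placement follows the
thread's description; the confidentiality and authentication rules are
deliberately simple. Payload names are plain strings.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    n: int            # message number within the exchange
    sender: str       # "I" = initiator (Alice), "R" = responder / gateway (Bob)
    payloads: tuple   # payload names carried in the message


# IKE_SA_INIT material is cleartext by nature. EAP_INDICATION is the hypothetical
# signal the initiator adds to message 1 in solution (2); it is cleartext too,
# because no key exists yet when message 1 is built.
INIT_MATERIAL = {"SAi1", "KEi", "Ni", "SAr1", "KEr", "Nr"}
CLEARTEXT = INIT_MATERIAL | {"EAP_INDICATION"}

# draft-05 EAP flow as the thread describes it: IDi in message 3, the missing
# AUTH signals extended authentication, R answers with IDr, AUTH and EAP.
# The tail (EAP round, final AUTHs) is simplified to one round.
DRAFT05 = (
    Msg(1, "I", ("SAi1", "KEi", "Ni")),
    Msg(2, "R", ("SAr1", "KEr", "Nr")),
    Msg(3, "I", ("IDi",)),
    Msg(4, "R", ("IDr", "AUTH", "EAP")),
    Msg(5, "I", ("EAP",)),
    Msg(6, "R", ("EAP",)),
    Msg(7, "I", ("AUTH",)),
    Msg(8, "R", ("AUTH",)),
)

# Solution (1): identical, except IDi moves from message 3 to message 5.
SOLUTION_1 = tuple(
    Msg(3, "I", ()) if m.n == 3 else Msg(5, "I", ("IDi", "EAP")) if m.n == 5 else m
    for m in DRAFT05
)

# Solution (2): initiator signals in message 1, responder authenticates in
# message 2 (it already holds KEi, so IDr/AUTH can be encrypted), IDi follows
# in message 3 and the first EAP payload in message 4.
SOLUTION_2 = (
    Msg(1, "I", ("SAi1", "KEi", "Ni", "EAP_INDICATION")),
    Msg(2, "R", ("SAr1", "KEr", "Nr", "IDr", "AUTH")),
    Msg(3, "I", ("IDi",)),
    Msg(4, "R", ("EAP",)),
    Msg(5, "I", ("EAP",)),
    Msg(6, "R", ("EAP",)),
    Msg(7, "I", ("AUTH",)),
)

FLOWS = {"draft-05": DRAFT05, "solution (1)": SOLUTION_1, "solution (2)": SOLUTION_2}


def sender_can_encrypt(msg):
    """Model rule: a side can encrypt once it holds the peer's KE payload,
    i.e. R from message 2 on and I from message 3 on."""
    return msg.n >= 3 or (msg.n == 2 and msg.sender == "R")


def passive_exposure(flow):
    """Non-SA_INIT payloads a passive eavesdropper reads off the wire."""
    return {p for m in flow for p in m.payloads
            if (p in CLEARTEXT or not sender_can_encrypt(m)) and p not in INIT_MATERIAL}


def active_exposure(flow):
    """Identities revealed to a peer that has not yet proved its own identity.

    IDr is exposed when R reveals it before receiving I's AUTH (anyone who
    initiates learns it, the point Gregory makes); IDi is exposed when I
    reveals it before receiving R's AUTH (a party answering message 1 in the
    gateway's place learns it).
    """
    exposed, r_verified_by_i, i_verified_by_r = set(), False, False
    for m in flow:
        if m.sender == "R":
            if "IDr" in m.payloads and not i_verified_by_r:
                exposed.add("IDr")
            r_verified_by_i |= "AUTH" in m.payloads
        else:
            if "IDi" in m.payloads and not r_verified_by_i:
                exposed.add("IDi")
            i_verified_by_r |= "AUTH" in m.payloads
    return exposed


def responder_eap_context(flow):
    """(message number of R's first EAP payload, does R already hold IDi?)
    This is the ordering fact behind the thread's central question."""
    idi_seen = False
    for m in flow:
        idi_seen |= m.sender == "I" and "IDi" in m.payloads
        if m.sender == "R" and "EAP" in m.payloads:
            return m.n, idi_seen
    raise ValueError("flow has no EAP payload from R")


def analyze(flow):
    n, has_idi = responder_eap_context(flow)
    return {"first_eap_msg": n, "r_has_idi_at_first_eap": has_idi,
            "passive": passive_exposure(flow), "active": active_exposure(flow)}


if __name__ == "__main__":
    for name, flow in FLOWS.items():
        print(f"{name:13s} {analyze(flow)}")
```

Running it shows the trade-off the thread is weighing: draft-05 hands R IDi before message 4 but exposes IDi to anyone answering message 1 in the gateway's place; solution (1) protects IDi but forces R to build the first EAP payload without it; solution (2) does both, at the price of a cleartext indicator in message 1 that tells a passive observer the initiator is a legacy-authentication client (though not who it is). In every variant IDr is learnable by an unauthenticated initiator, which is the asymmetry Gregory points to below.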
On Thu, 20 Mar 2003, Gregory Lebovitz wrote:

> Just had a thinking session with Bill Sommerfeld on this...
> 
> My question, at least from both our perspectives, was valid; neither of us
> could think of a way to know if Bob should send EAP-Challenge in msg 4 w/o
> first having seen IDi, GIVEN -05's CURRENT TEXT ABOUT HOW EAP WORKS. 
> 
> However, we could move IDi to message 5 IF WE CHANGE HOW EAP WORKS. If a Bob
> who supports EAP in at least one of his SPDs ALWAYS sends EAP-Challenge in
> msg 4 for any connection, then we would need to add text as follows:
>  - If Bob has any SPDs calling for EAP, he must ALWAYS send EAP-Challenge in
> msg 4,
>  - It then becomes up to Alice's responsibility (based on SPD) to respond to
> the EAP-Challenge, but only if her SPD calls for it,
>  - Bob cannot determine until receiving IDi in Msg 5 if he actually
> (according to HIS SPD) requires EAP. 
>  - Bob will process or drop depending upon local SPD for IDi
> 
> But, all this is moot if we decide that IDr is more important to protect
> than IDi, as I think we did earlier in list history. The justification being
> that attacker can mount an active attack simply by initiating, and learn
> IDr. 
> 
> Gregory (with bar-input from Bill S. and Derek A.) 
> 
> -----Original Message-----
> From: Gregory Lebovitz
> To: 'Hugo Krawczyk '; 'Russ Housley '
> Cc: 'IPsec WG '
> Sent: 3/19/03 10:58 PM
> Subject: RE: Do ipsec vendors care about privacy?
> 
> First, yes, we do care.
> 
> > The only question is operational: can the responder (server) send the
> > first EAP message before getting IDi? If this is the case (as it was in
> > PIC and seems to be agreed in some responses to my message) then we are
> > done at no cost at all (solution 1). If not, we may need to go to
> > solution 2 (in which the responder authenticates in message 2). Here the
> > main operational issue, pointed out by Antonio, is that you need to have
> > a way for the initiator to signal that he is requiring legacy
> > authentication.
> > Hugo
> 
> I think I may be missing something, and would appreciate some
> clarification. Operationally, how can Bob know that he needs to send
> AUTH if he does not receive IDi from Alice, from which to do an SPD
> lookup, to know that AUTH is required for this particular connection?
> Bob will likely be a device doing both EAP'd IKE connections, and
> non-EAP IKE connections. Doesn't he need IDi to know when AUTH is to be
> used?
> 
> Gregory
> NetScreen
>