
Re: ISAKMP and SSL



> When I read RFC 2408 they described ISAKMP as a generic key management
> protocol for all security protocols, but till now the large deployment of
> ISAKMP was only with IPSEC.
> My question is, can we use it with SSL/TLS?
> The goal of this issue is to add new services in SSL/TLS (identity
> protection, attribute certificate passing for access control schemes,
> non-repudiation…).

The basic answer here is no.

TLS has its own key management scheme and really isn't designed
to have pluggable key management. That said, with respect to your
specific desired security services:

(1) You can get identity protection for TLS in a number of ways,
    none quite as good as you would get with IPsec.

    (a) do an initial anonymous DH exchange and then do the
        ordinary handshake. This still allows an active attacker
        to get both identities.

    (b) do an initial cert-based exchange (this exposes the
        server's identity) and then rehandshake to have the
        client identify.

    (c) combine the above two techniques :)

(2) TLS has an extensions mechanism so you could use that to
    pass around attribute certificates.

(3) ISAKMP doesn't really offer non-repudiation either, so you
    wouldn't get any benefit from melding it with TLS.

-Ekr
-- 
[Eric Rescorla                                   ekr@rtfm.com]
           Web Log: http://www.rtfm.com/movabletype