[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

need for encrypting IKE QM exchange



Hi,

There is a question I would like to ask regarding the need to
encrypt the IKE Quick Mode exchange. I couldn't find throughout
RFC2408 and RFC2409 a clear explanation to why SA, Nx, KE need to be
encrypted (since the messages are authenticated anyway). 

SA, Nx and KE only indicate to a potential attacker the transforms that
are being used and the SA's lifetime, which imo is harmless.

Clearly IDci, IDcr must be encrypted, and the only answer I could figure
out to the question above is that, since the protocol does not provide
support for individual payloads to be encrypted, the whole message is
encrypted instead.

Looking at JFK I noticed however that "sa" and "sa'" are also
transported (within message 3 and 4) in encryted form.

The ultimate question is whether, assuming another protocol than IKE is
used to negotiate SAs, SA, Nx and KE could be transported in plain text.
Of course it is "better" to have them encrypted, but I cannot understand
why would it be "worse" to have them in clear.

Any comments would be gratly appreciated.

John.