
Identity protection [Re: Working Group Last Call IKEv2]

I want to formally raise the issue of identity protection once again, 
now that we are in last call. This has been referred to by Hannes and 
Hugo in recent posts, and was discussed previously here.

I don't think anyone will disagree that identity protection is useful in 
remote access scenarios for a number of reasons. In such cases, the 
identity of the SGW might often be obvious based on its use of a fixed 
IP address, but the identity of the initiator need not be.

In weighing the usefulness of adding identity protection, we might 
consider how difficult it is to see the packets en route against what 
benefit an attacker might derive from knowledge of the identity, and 
also against the cost of securing this information. In many remote 
access scenarios, gaining access to packets containing identities is not 
a simple thing - the cost to the attacker is not insignificant. And the 
derived information does not provide a direct advantage - it is only one 
piece of the puzzle, and in general, significantly more work is required 
to take advantage of it. I think that for these reasons, some folks may 
feel that protecting the initiator identity is not that important.

Wireless network access is very much like remote access, and IPsec is 
sometimes used to secure such access. However, note that in a large 
number of wlan deployment scenarios, gaining access to the packets 
containing the identity is often straightforward, or even trivial. That 
is, the cost is significantly less than in the wired case. This changes 
the cost-benefit analysis considerably. For this reason, I think we 
should reconsider this. I think identity protection is a *very* 
important feature, and that IKEv2 should support it.


Barbara Fraser wrote:
> Hi,
> This is a working group last call for comments on the IKEv2 draft, 
> draft-ietf-ipsec-ikev2-08.txt, for progression to Proposed Standard:
> This last call will expire in three weeks on June 23, 2003.
> thanks,
> Barb and Ted
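The exchange under discussion, as an added model that is not part of this thread, the IKEv2 draft, or any IKE implementation: it assumes the IKEv2 message structure in which the initiator's identity (IDi) is carried inside the encrypted payload of its IKE_AUTH message, under keys derived from the IKE_SA_INIT Diffie-Hellman exchange. The DH group, key derivation and cipher are toy constructions (a 61-bit prime, HMAC-SHA256 as both prf and keystream) and the packet markers are made up; only the flow and who learns what from which packet are meant to be faithful. It shows the two cases the post contrasts, an identity sent in the clear versus one sent inside SK{...} against the passive WLAN eavesdropper, and goes one step beyond the post: whoever answers IKE_SA_INIT holds the responder's DH private value, so something posing as the gateway still learns IDi because the initiator identifies itself before the responder has proven who it is.

```python
"""Model of IKEv2-style initiator identity protection.

Added illustration for this thread, not code from the IPsec WG, the IKEv2
draft, or any IKE implementation.  The DH group, key derivation and cipher
are deliberately tiny toy constructions; only the message flow (who learns
what from which packet) is the point.
"""
import hashlib
import hmac
import secrets

# Toy DH group: a 61-bit prime, far too small to be secure.  Illustration only.
P = (1 << 61) - 1
G = 2

HDR_LEN = 9            # length of the constructed "SA_INIT_I"/"SA_INIT_R" markers
AUTH_HDR = b"AUTH_I"   # constructed marker for the initiator's IKE_AUTH message


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def dh_keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return x, pow(G, x, P)


def derive_keys(shared: int, ni: bytes, nr: bytes):
    """SKEYSEED = prf(Ni | Nr, g^ir), then one encryption and one integrity key.
    The shape follows IKEv2's derivation; the constants are simplified."""
    skeyseed = prf(ni + nr, shared.to_bytes(8, "big"))
    sk_e = prf(skeyseed, ni + nr + b"\x01")
    sk_a = prf(skeyseed, sk_e + ni + nr + b"\x02")
    return sk_e, sk_a


def _keystream(sk_e: bytes, iv: bytes, n: int) -> bytes:
    out = b""
    ctr = 0
    while len(out) < n:
        out += prf(sk_e, iv + ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def sk_encrypt(sk_e: bytes, sk_a: bytes, plaintext: bytes) -> bytes:
    """Toy Encrypted (SK) payload: iv | ct | tag, with tag = prf(SK_a, iv | ct)."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(sk_e, iv, len(plaintext))))
    return iv + ct + prf(sk_a, iv + ct)


def sk_decrypt(sk_e: bytes, sk_a: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(sk_a, iv + ct)):
        raise ValueError("SK payload integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(sk_e, iv, len(ct))))


def run_exchange(idi: bytes, protect_identity: bool):
    """IKE_SA_INIT in both directions, then the initiator's IKE_AUTH as far as IDi.
    Returns the packets as seen on the wire and the private DH value x_r held by
    whoever answered IKE_SA_INIT (the real gateway, or something posing as it)."""
    wire = []
    xi, gi = dh_keypair()
    ni = secrets.token_bytes(16)
    wire.append(b"SA_INIT_I" + gi.to_bytes(8, "big") + ni)      # cleartext

    xr, gr = dh_keypair()
    nr = secrets.token_bytes(16)
    wire.append(b"SA_INIT_R" + gr.to_bytes(8, "big") + nr)      # cleartext

    sk_e, sk_a = derive_keys(pow(gr, xi, P), ni, nr)
    body = b"IDi=" + idi
    if protect_identity:
        body = sk_encrypt(sk_e, sk_a, body)       # IDi travels inside SK{...}
    wire.append(AUTH_HDR + body)
    return wire, xr


def passive_sniffer_sees_identity(idi: bytes, protect_identity: bool) -> bool:
    """The WLAN eavesdropper of the post: reads every packet, holds no secrets."""
    wire, _ = run_exchange(idi, protect_identity)
    return any(idi in pkt for pkt in wire)


def active_responder_learns_identity(idi: bytes) -> bool:
    """Whoever answered IKE_SA_INIT holds x_r and can therefore open SK{IDi}.
    The initiator identifies itself before the responder has proven who it is,
    so an impersonator of the gateway learns IDi despite the encryption."""
    wire, xr = run_exchange(idi, protect_identity=True)
    gi = int.from_bytes(wire[0][HDR_LEN:HDR_LEN + 8], "big")
    ni = wire[0][HDR_LEN + 8:]
    nr = wire[1][HDR_LEN + 8:]
    sk_e, sk_a = derive_keys(pow(gi, xr, P), ni, nr)
    return sk_decrypt(sk_e, sk_a, wire[2][len(AUTH_HDR):]) == b"IDi=" + idi
```

With `protect_identity=False` the sniffer finds the identity string in the third packet; with it set, the sniffer sees only the two DH public values, the nonces and ciphertext, while `active_responder_learns_identity` still returns True. That is the distinction the cost-benefit argument turns on: encryption inside SK{...} removes the trivial-cost passive attack on a WLAN, but not the attack by a party that can answer the initiator's first message.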