[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The remaining IKEv2 issues



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>     Theodore> The final issue #65, concerns whether or not non
> key-generating
>     Theodore> EAP methods should be supported, in order to avoid a
>     Theodore> Man-in-the-middle attack (MITM) attack.  However, as
> Charlie
>     Theodore> has pointed out, as used in IKEv2, the server is
> authenticated
>     Theodore> with a certificate before the authentication code is
> passed.
>
> My understanding of the MITM attack on non key-generating EAP
> methods is that nothing we do in IKEv2 prevents this. This is
> because the attack is not between two IPsec devices, but between
> different kinds of devices...

I concur.

> We demand that each end know the generated EAP key so that we can
> bind the key to the authenticator used. The above web server
> wouldn't know the generated key, so the attack is defeated.

I strongly believe that non key-generating methods must not
be allowed, period. Regarding "special auth" methods - see
below.


>     Theodore> In addition, given the requirement to support
> one-time password
>     Theodore> and Generic Token cards, we can not forbid the use of
> non-kg
>     Theodore> EAP schemes....
>
>   So, the only way to support these kind of things is by using EAP?
>   I'm not complaining, I'm just asking for confirmation.

Probably - but these methods don't have to be non-kg. They
may contribute, even though not much - to the kg procedure.

Why not?


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP0FMmLaoikcyvR59EQISdgCgvxwd4Ss9q242AH3BnCd2mMn3z8UAoMPd
hKEX0AyngXQ7w9SZjAItGcWq
=aWob
-----END PGP SIGNATURE-----