
Re: The remaining IKEv2 issues

Hi Tylor,

The reason we can't make doing this a MUST NOT is that the IKEv2 
document is designed to be used by implementors, not administrators and 
definitely not users.  We can say "GTC is OK" or "MUST NOT use GTC".  
We can even say "GTC MUST NOT be used unless the passwords are local to 
the VPN endpoint".  We can't mandate user behavior like "you can't use 
the GTC server for IKE if you can also do GTC over unencrypted PPTP or 
over unauthenticated PEAP".  We can definitely not say "you should only 
authenticate with GTC if you verify the server's certificate correctly 
in PEAP".

In short, you can mandate things about IKE, but not about other users 
of the legacy authentication.  It would be up to the implementor to 
tell the user not to use insecure methods, perhaps by displaying a 
warning message in the GUI.  For the RFC, it's either in or out.

On Tuesday, August 19, 2003, at 04:17 PM, Tylor Allison wrote:

> So the MITM attack on non-kg methods is possible for EAP messages being
> transmitted outside of IKEv2 (e.g. not between IPsec peers), and occurs
> because either the EAP messages are being passed in the clear, or the
> server in a protected EAP protocol (e.g. PEAP) is not being authenticated
> properly.
>
> Why not make doing this a MUST NOT?  Aren't there many ways to make
> non-kg EAP methods protected from MITM?  How about: