RE: iSCSI Security rough consensus

> > By comparison to full IPSec with IKE, using
> > SRP to key ESP does not improve security.

Actually, if the comparison is SRP vs. IKE using shared keys, that's not really true. IKE Shared Key auth is susceptible to man-in-the-middle attack in that, in Main Mode, unless the IP addresses of the correspondents are fixed, there is no way to tie an IP address to an appropriate shared key. In practice this means the shared group keys must be used. Using the same shared group key to protect iSCSI for thousands of initiators lacks credibility, because anyone with the group key (e.g. anyone in the entire org) can impersonate anyone else. Thus for IKE use in iSCSI, it would seem that only cert-based auth is tenable.

In the most recent survey data I've seen, less than 15 percent of enterprises have any plans to deploy certificates. So unless you've got a credible transition solution (e.g. GetCert, PIC, etc.) it'll be a hard sell.

On the other hand, with SRP, it is possible to identify the endpoints prior to authentication a la aggressive mode, and thus to maintain separate passwords for each initiator-target pair. SRP is resistant to dictionary attacks or compromise of the password database.

> What I think I'm hearing you say is that you
> are evaluating whether to REQUIRE SRP keying of
> ESP/IPSec because it's easier to do than IKE.

Ease of implementation is *not* the only issue. There is a functionality issue as well. If you need shared key authentication for hosts with dynamic IP addresses, IKE Main Mode is not a credible solution.
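As an added illustration of the SRP properties argued in the message above (the initiator-target pair is named before any key is derived, and the target's database holds only a salted verifier, never the password), here is a minimal SRP-6a exchange in Python. This is editor-added example code, not from the thread or from any iSCSI implementation; it assumes SHA-256 as the hash, the 1024-bit RFC 5054 group with generator 2, and omits the final proof messages (M1/M2) that a real handshake exchanges after key derivation.

```python
import hashlib
import secrets

# SRP-6a over the 1024-bit group of RFC 5054 Appendix A (generator 2). The modulus
# hex is that published constant transcribed by the editor, not data from the thread.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
G = 2

def H(*parts: bytes) -> int:            # SHA-256 of the concatenation, as an integer
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def pad(n: int) -> bytes:               # fixed-width encoding, len(N) bytes
    return n.to_bytes((N.bit_length() + 7) // 8, "big")

K = H(pad(N), pad(G))                   # SRP-6a multiplier k = H(N | PAD(g))

def private_x(initiator: bytes, password: bytes, salt: bytes) -> int:
    return H(salt, hashlib.sha256(initiator + b":" + password).digest())

def enroll(db: dict, initiator: bytes, target: bytes, password: bytes) -> None:
    """Target stores only (salt, verifier) for this initiator-target pair."""
    salt = secrets.token_bytes(16)
    db[(initiator, target)] = (salt, pow(G, private_x(initiator, password, salt), N))

def target_challenge(db: dict, initiator: bytes, target: bytes):
    """Message 2: the pair named in message 1 selects the record; send salt and B."""
    salt, v = db[(initiator, target)]
    b = secrets.randbits(256)                          # target's private ephemeral
    return salt, (K * v + pow(G, b, N)) % N, b

def initiator_key(initiator: bytes, password: bytes, salt: bytes, B: int):
    """Initiator: public A and the session key from password, salt and B."""
    if B % N == 0:
        raise ValueError("rejecting B == 0 mod N")
    a = secrets.randbits(256)                          # initiator's private ephemeral
    A = pow(G, a, N)
    x = private_x(initiator, password, salt)
    S = pow((B - K * pow(G, x, N)) % N, a + H(pad(A), pad(B)) * x, N)
    return A, hashlib.sha256(pad(S)).digest()

def target_key(db: dict, initiator: bytes, target: bytes, A: int, B: int, b: int):
    """Target: the same session key from A and the stored verifier, never the password."""
    if A % N == 0:
        raise ValueError("rejecting A == 0 mod N")
    v = db[(initiator, target)][1]
    S = pow(A * pow(v, H(pad(A), pad(B)), N), b, N)
    return hashlib.sha256(pad(S)).digest()
```

A captured copy of the verifier table yields neither the password nor the ability to pose as the initiator, and a wrong password on the initiator side produces a different session key, which is the property the message relies on.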
Last updated: Tue Sep 04 01:04:46 2001