RE: iSCSI Security rough consensus

> > By comparison to full IPSec with IKE, using
> > SRP to key ESP does not improve security.

Actually, if the comparison is SRP vs. IKE using shared keys, that's not
really true. IKE Shared Key auth is susceptible to man-in-the-middle
attack in that, in Main Mode, unless the IP addresses of the correspondents
are fixed, there is no way to tie an IP address to an appropriate shared
key. In practice this means the shared group keys must be used. Using the
same shared group key to protect iSCSI for thousands of initiators lacks
credibility, because anyone with the group key (e.g. anyone in the entire
org) can impersonate anyone else. Thus for IKE use in iSCSI, it would seem
that only cert-based auth is tenable. In the most recent survey data I've
seen, less than 15 percent of enterprises have any plans to deploy
certificates. So unless you've got a credible transition solution
(e.g. GetCert, PIC, etc.) it'll be a hard sell.

On the other hand, with SRP, it is possible to identify the endpoints
prior to authentication a la aggressive mode, and thus to maintain
separate passwords for each initiator-target pair. SRP is resistant to
dictionary attacks or compromise of the password database.

> What I think I'm hearing you say is that you
> are evaluating whether to REQUIRE SRP keying of
> ESP/IPSec because it's easier to do than IKE.

Ease of implementation is *not* the only issue. There is a functionality
issue as well. If you need shared key authentication for hosts with
dynamic IP addresses, IKE Main Mode is not a credible solution.
    
    
Last updated: Tue Sep 04 01:04:46 2001