RE: iSCSI Security rough consensus

[Bernard Aboba <aboba@internaut.com>]

> > By comparison to full IPSec with IKE, using
> > SRP to key ESP does not improve security.

Actually, if the comparison is SRP vs. IKE using shared keys, that's not
really true. IKE Shared Key auth is susceptible to man-in-the-middle
attack in that in Main Mode unless the IP addresses of the correspondents
are fixed, there is no way to tie an IP address to an appropriate shared
key. In practice this means the shared group keys must be used. Using the
same shared group key to protect iSCSI for thousands of initiators lacks
credibility, because anyone with the group key (e.g. anyone in the entire
org) can impersonate anyone else. Thus for IKE use in iSCSI, it would seem
that only cert-based auth is tenable. In the most recent survey data I've
seen, less than 15 percent of enterprises have any plans to deploy
certificates. So unless you've got a credible transition solution
(e.g. GetCert, PIC, etc.) it'll be a hard sell.

On the other hand, with SRP, it is possible to identify the endpoints
prior to authentication a la aggressive mode, and thus to maintain
separate passwords for each initiator-target pair. SRP is resistent to
dictionary attacks or compromise of the password database. 

> What I think I'm hearing you say is that you
> are evaluating whether to REQUIRE SRP keying of
> ESP/IPSec because its easier to do than IKE.

Ease of implementation is *not* the only issue. There is a functionality
issue as well. If you need shared key authentication for hosts with
dynamic IP addresses, IKE Main Mode is not a credible solution.