|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: FCIP and iFCP Keying ProblemFilling in a couple of missing pieces here: - See Section 4.4 of draft-aboba-ips-iscsi-security-00.txt for more details on the man-in-the-middle vulnerability. That vulnerability is based on the use of group pre-shared keys. - My strong language below is based in part on an assumption that banning group pre-shared keys is unworkable in practice. Key management is a pain, and use of group pre-shared keys simplifies it, even though it has some security costs. Questioning the latter assumption is reasonable, but I'll point out that group pre-shared (vs. per session pre-shared) keys are a fact of life in current IPsec deployment/management, and even turn up in the absence of dynamic IP address assignment. The reason the text in my previous message just said "pre-shared keys" rather than "group pre-shared keys" is that there may be no way for a participant in an IKE session to know whether the pre-shared key was shared only among the two endpoints of the session or with other parties. Thanks, --David > -----Original Message----- > From: Black_David@emc.com [mailto:Black_David@emc.com] > Sent: Friday, September 07, 2001 4:34 PM > To: ips@ece.cmu.edu > Subject: FCIP and iFCP Keying Problem > Importance: High > > > Both FCIP and iFCP intend to require: > > - IKE with pre-shared keys MUST implement > - IKE with public-key based keys MAY implement > - IKE Main Mode MUST implement > - IKE Aggressive Mode MAY implement > > That's not acceptable because the result of combining > the two mandatory (MUST) mechanisms is vulnerable to a > man-in-the-middle attack. > > If IKE with pre-shared keys is "MUST implement" (which > makes sense, as it's the simplest IKE authentication > mechanism), then: > - IKE Aggressive Mode needs to be "MUST implement" > - Use of IKE Main Mode with pre-shared keys needs > to be "SHOULD NOT use" or "MUST NOT use". > Alternatively, if IKE Aggressive Mode remains "MAY implement", > then: > - IKE with signature authentication based on public > keys needs to be "MUST implement" along with > some certificate usage guidelines. > - Pre-Shared keys needs to be "MAY implement" (can't > be any stronger than the requirement for > IKE Aggressive Mode). > - Use of IKE Main Mode with pre-shared keys needs > to be "SHOULD not use" or "MUST not use". > > Changing IKE to remove the Main Mode vulnerability > with pre-shared keys is not a viable approach. > > Sorry, > --David > > --------------------------------------------------- > David L. Black, Senior Technologist > EMC Corporation, 42 South St., Hopkinton, MA 01748 > +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 > black_david@emc.com Mobile: +1 (978) 394-7754 > --------------------------------------------------- >
Home Last updated: Fri Sep 07 19:17:10 2001 6452 messages in chronological order |