SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: FCIP and iFCP Keying Problem



    Resending as I didn't see this come through - apologies
    if it's a duplicate.  --David
    
    > -----Original Message-----
    > From: Black, David (MKT Hopkinton) 
    > Sent: Friday, September 07, 2001 6:28 PM
    > To: Black, David (MKT Hopkinton); ips@ece.cmu.edu
    > Subject: RE: FCIP and iFCP Keying Problem
    > 
    > 
    > Filling in a couple of missing pieces here:
    > 
    > - See Section 4.4 of draft-aboba-ips-iscsi-security-00.txt
    > 	for more details on the man-in-the-middle vulnerability.
    > 	That vulnerability is based on the use of group pre-shared
    > 	keys.  
    > - My strong language below is based in part on an 
    > 	assumption that banning group pre-shared keys is
    > 	unworkable in practice.  Key management is a pain,
    > 	and use of group pre-shared keys simplifies it, even
    > 	though it has some security costs.
    > 
    > Questioning the latter assumption is reasonable, but I'll
    > point out that group pre-shared (vs. per session pre-shared)
    > keys are a fact of life in current IPsec deployment/management,
    > and even turn up in the absence of dynamic IP address
    > assignment.  The reason the text in my previous message
    > just said "pre-shared keys" rather than "group pre-shared keys"
    > is that there may be no way for a participant in an IKE
    > session to know whether the pre-shared key was shared only
    > among the two endpoints of the session or with other parties.
    > 
    > Thanks,
    > --David
    > 
    > > -----Original Message-----
    > > From: Black_David@emc.com [mailto:Black_David@emc.com]
    > > Sent: Friday, September 07, 2001 4:34 PM
    > > To: ips@ece.cmu.edu
    > > Subject: FCIP and iFCP Keying Problem
    > > Importance: High
    > > 
    > > 
    > > Both FCIP and iFCP intend to require:
    > > 
    > > 	- IKE with pre-shared keys MUST implement
    > > 	- IKE with public-key based keys MAY implement
    > > 	- IKE Main Mode MUST implement
    > > 	- IKE Aggressive Mode MAY implement
    > > 
    > > That's not acceptable because the result of combining
    > > the two mandatory (MUST) mechanisms is vulnerable to a
    > > man-in-the-middle attack.
    > > 
    > > If IKE with pre-shared keys is "MUST implement" (which
    > > makes sense, as it's the simplest IKE authentication
    > > mechanism), then:
    > > 	- IKE Aggressive Mode needs to be "MUST implement"
    > > 	- Use of IKE Main Mode with pre-shared keys needs
    > > 		to be "SHOULD NOT use" or "MUST NOT use".
    > > Alternatively, if IKE Aggressive Mode remains "MAY implement",
    > > then:
    > > 	- IKE with signature authentication based on public
    > > 		keys needs to be "MUST implement" along with
    > > 		some certificate usage guidelines.
    > > 	- Pre-Shared keys needs to be "MAY implement" (can't
    > > 		be any stronger than the requirement for
    > > 		IKE Aggressive Mode).
    > > 	- Use of IKE Main Mode with pre-shared keys needs
    > > 		to be "SHOULD not use" or "MUST not use".
    > > 
    > > Changing IKE to remove the Main Mode vulnerability
    > > with pre-shared keys is not a viable approach.
    > > 
    > > Sorry,
    > > --David
    > > 
    > > ---------------------------------------------------
    > > David L. Black, Senior Technologist
    > > EMC Corporation, 42 South St., Hopkinton, MA  01748
    > > +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    > > black_david@emc.com       Mobile: +1 (978) 394-7754
    > > ---------------------------------------------------
    > > 
    > 
    


Home

Last updated: Fri Sep 07 20:17:12 2001
6457 messages in chronological order