
    RE: FCIP and iFCP Keying Problem



    > I realize that in the (main mode, pre-shared key) variant
    > the endpoints' identities can only be IP addresses due to
    > a chicken-and-egg problem (and rfc2409 confirms this).
    > I also realize that this variant is useless in the presence
    > of DHCP-assigned IP addresses (which is not our case, as
    > we only work with static IP addresses).
     
    I'm not sure I believe the parenthetical comment about only
    working with static IP addresses.  I suspect a "MUST NOT use
    DHCP-assigned IP addresses" restriction wouldn't make it
    through the IESG.
     
    > A DH is obviously vulnerable to a MIM attack, but a
    > DH + pre-shared key intuitively shouldn't.
     
    Suppose the MIM is part of the group that has the pre-shared key.
    The MIM attack on DH is once again possible.
     
    > And I don't think we worry about identities being revealed.
     
    I agree, otherwise I wouldn't be suggesting Aggressive Mode
    (which reveals identities) as a MUST.
     
    --David
    -----Original Message-----
    From: Franco Travostino [mailto:travos@nortelnetworks.com]
    Sent: Friday, September 07, 2001 7:15 PM
    To: Black_David@emc.com; ips@ece.cmu.edu
    Subject: Re: FCIP and iFCP Keying Problem


    Both FCIP and iFCP intend to require:

            - IKE with pre-shared keys MUST implement
            - IKE with public-key based keys MAY implement
            - IKE Main Mode MUST implement
            - IKE Aggressive Mode MAY implement

    That's not acceptable because the result of combining
    the two mandatory (MUST) mechanisms is vulnerable to a
    man-in-the-middle attack.

    Clarification:

    I realize that in the (main mode, pre-shared key) variant the endpoints' identities can only be IP addresses due to a chicken-and-egg problem (and rfc2409 confirms this). I also realize that this variant is useless in the presence of DHCP-assigned IP addresses (which is not our case, as we only work with static IP addresses). A DH is obviously vulnerable to a MIM attack, but a DH + pre-shared key intuitively shouldn't. And I don't think we worry about identities being revealed. What am I missing? (rfc2409 has single-handedly neutralized the few brain cells that I've left).

    -franco


    Franco Travostino, Director Content Internetworking Lab
    Advanced Technology Investments
    Nortel Networks, Inc.
    600 Technology Park
    Billerica, MA 01821 USA
    Tel: 978 288 7708 Fax: 978 288 4690
    email: travos@nortelnetworks.com
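As an added illustration of David's point (not code from the thread or from either author), the toy model below pairs a Diffie-Hellman exchange with a PSK-keyed key-confirmation tag and checks who can complete the exchange when an interposer holds the same pre-shared key. The DH parameters, the HMAC-based tag and the identities are constructed assumptions; IKE's actual SKEYID/HASH construction is not reproduced.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (constructed for illustration; far too small for real use).
P = 2**127 - 1
G = 3

def authenticator(psk: bytes, g_self: int, g_peer: int, ident: str) -> bytes:
    """PSK-keyed confirmation tag over both DH values and the claimed identity
    (a stand-in for the role IKE's PSK-derived hashes play)."""
    return hmac.new(psk, f"{g_self}|{g_peer}|{ident}".encode(), hashlib.sha256).digest()

class Peer:
    """An endpoint holding a table of identity -> pre-shared key."""
    def __init__(self, ident: str, psks: dict):
        self.ident, self.psks = ident, psks
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)

    def prove(self, peer_ident: str, peer_pub: int) -> bytes:
        return authenticator(self.psks[peer_ident], self.pub, peer_pub, self.ident)

    def accept(self, claimed_ident: str, peer_pub: int, tag: bytes) -> bool:
        psk = self.psks.get(claimed_ident)
        return psk is not None and hmac.compare_digest(
            tag, authenticator(psk, peer_pub, self.pub, claimed_ident))

def honest_exchange(alice: Peer, bob: Peer) -> bool:
    """Both sides authenticate each other and derive the same DH secret."""
    ok_a = alice.accept("bob", bob.pub, bob.prove("alice", alice.pub))
    ok_b = bob.accept("alice", alice.pub, alice.prove("bob", bob.pub))
    return ok_a and ok_b and pow(bob.pub, alice.priv, P) == pow(alice.pub, bob.priv, P)

def interposed_exchange(alice: Peer, bob: Peer, mallory: Peer) -> bool:
    """Mallory replaces each side's DH value with her own, claiming to be Bob
    toward Alice and Alice toward Bob. True means both honest ends accept,
    i.e. the keying arrangement did not bind the exchange to the real peer."""
    tag_to_alice = authenticator(mallory.psks["alice"], mallory.pub, alice.pub, "bob")
    tag_to_bob = authenticator(mallory.psks["bob"], mallory.pub, bob.pub, "alice")
    return alice.accept("bob", mallory.pub, tag_to_alice) and bob.accept("alice", mallory.pub, tag_to_bob)

def group_psk_scenario() -> bool:
    k = b"constructed-key-shared-by-every-group-member"   # one PSK for the whole group
    return interposed_exchange(Peer("alice", {"bob": k, "mallory": k}),
                               Peer("bob", {"alice": k, "mallory": k}),
                               Peer("mallory", {"alice": k, "bob": k}))

def pairwise_psk_scenario() -> bool:
    k_ab, k_am, k_bm = b"k-alice-bob", b"k-alice-mallory", b"k-bob-mallory"  # constructed
    return interposed_exchange(Peer("alice", {"bob": k_ab, "mallory": k_am}),
                               Peer("bob", {"alice": k_ab, "mallory": k_bm}),
                               Peer("mallory", {"alice": k_am, "bob": k_bm}))
```

With a group-wide PSK the interposer completes both halves, so the DH secret is not protected against a holder of the key; with per-pair keys the tags no longer verify, which is what the "MUST implement pre-shared keys" requirement has to be read against.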


