
    RE: FCIP and iFCP Keying Problem



    Although the issue of revealing identity is not significant (which means Aggressive Mode + pre-shared keys is okay for an FCIP tunnel implementation), the question is whether many current IPsec gateways support Aggressive Mode. It only carries a "SHOULD implement" mandate in RFC2409. It would appear that the issues of DHCP-assigned addresses and their usability in conjunction with Main Mode + pre-shared keys would be more severe in L2TP/VPN solutions, and this would force gateways to implement Aggressive Mode; but can we depend on its availability?
     
    As Franco states for iFCP, it is not clear that FCIP endpoint addresses will be handed out using DHCP. In fact, some of this will be made available using SLPv2 DAs and SAs, so they are fairly static. (This opens up the issue of SLPv2 itself having to be performed after IKE Phase-1 is done.)
     
    Would the problem be less severe if the FCIP Endpoint WWN is sent as IKE payload in conjunction with Main-mode+pre-shared key?
     
    Is it also not the case that Aggressive Mode with public key encryption still prevents identities being revealed?
     
    Venkat Rangan
    Rhapsody Networks Inc.
     

     -----Original Message-----
    From: Black_David@emc.com [mailto:Black_David@emc.com]
    Sent: Friday, September 07, 2001 4:08 PM
    To: travos@nortelnetworks.com; ips@ece.cmu.edu
    Subject: RE: FCIP and iFCP Keying Problem

    > I realize that in the (main mode, pre-shared key) variant
    > the endpoints' identities can only be IP addresses due to
    > a chicken-and-egg problem (and rfc2409 confirms this).
    > I also realize that this variant is useless in the presence
    > of DHCP-assigned IP addresses (which is not our case, as
    > we only work with static IP addresses).
     
    I'm not sure I believe the parenthetical comment about only
    working with static IP addresses.  I suspect a "MUST NOT use
    DHCP-assigned IP addresses" restriction wouldn't make it
    through the IESG.
     
    > A DH is obviously vulnerable to a MIM attack, but a
    > DH + pre-shared key intuitively shouldn't.
     
    Suppose the MIM is part of the group that has the pre-shared key.
    The MIM attack on DH is once again possible.
     
    > And I don't think we worry about identities being revealed.
     
    I agree, otherwise I wouldn't be suggesting Aggressive Mode
    (which reveals identities) as a MUST.
     
    --David
    -----Original Message-----
    From: Franco Travostino [mailto:travos@nortelnetworks.com]
    Sent: Friday, September 07, 2001 7:15 PM
    To: Black_David@emc.com; ips@ece.cmu.edu
    Subject: Re: FCIP and iFCP Keying Problem


    Both FCIP and iFCP intend to require:

            - IKE with pre-shared keys MUST implement
            - IKE with public-key based keys MAY implement
            - IKE Main Mode MUST implement
            - IKE Aggressive Mode MAY implement

    That's not acceptable because the result of combining
    the two mandatory (MUST) mechanisms is vulnerable to a
    man-in-the-middle attack.

    Clarification:

    I realize that in the (main mode, pre-shared key) variant the endpoints' identities can only be IP addresses due to a chicken-and-egg problem (and rfc2409 confirms this). I also realize that this variant is useless in the presence of DHCP-assigned IP addresses (which is not our case, as we only work with static IP addresses). A DH is obviously vulnerable to a MIM attack, but a DH + pre-shared key intuitively shouldn't. And I don't think we worry about identities being revealed. What am I missing? (rfc2409 has single-handedly neutralized the few brain cells that I've left).

    -franco


    Franco Travostino, Director Content Internetworking Lab
    Advanced Technology Investments
    Nortel Networks, Inc.
    600 Technology Park
    Billerica, MA 01821 USA
    Tel: 978 288 7708 Fax: 978 288 4690
    email: travos@nortelnetworks.com
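The man-in-the-middle case David describes above (the attacker is "part of the group that has the pre-shared key"), as an added Python simulation that is not part of this thread and not code from any IKE implementation. It models a Main-Mode-like exchange: each side authenticates its identity, both Diffie-Hellman values and both nonces with an HMAC keyed by the pre-shared key, a stand-in for IKE's SKEYID/HASH_I/HASH_R. The toy group, the identities "alice" and "bob" (where Main Mode + pre-shared key would in practice have IP addresses), and the key strings are all constructed for the example; only the standard library is used.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only. Real IKE uses
# the MODP groups of RFC 2409; a 127-bit prime offers no security.
P = 2**127 - 1
G = 2
ELEM_BYTES = 16  # every element of the toy group fits in 16 bytes


def dh_keypair():
    """Return (private exponent, public value g^x mod p) in the toy group."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def transcript(my_id, my_pub, peer_pub, n_i, n_r):
    """Bytes covered by the authentication MAC: identity, both DH values, both nonces."""
    return b"|".join([my_id, my_pub.to_bytes(ELEM_BYTES, "big"),
                      peer_pub.to_bytes(ELEM_BYTES, "big"), n_i, n_r])


def auth_tag(psk, data):
    """HMAC keyed by the pre-shared key; stands in for IKE's HASH_I / HASH_R."""
    return hmac.new(psk, data, hashlib.sha256).digest()


def handshake(psk_alice, psk_bob, mallory_psk=None):
    """Run the toy exchange between "alice" (initiator) and "bob" (responder).

    With mallory_psk=None the messages are delivered untouched. Otherwise
    Mallory intercepts both DH public values, substitutes her own, and uses
    mallory_psk to re-authenticate each half of the exchange.
    Returns (alice_accepts, bob_accepts, alice_key, bob_key, mallory_keys).
    """
    a, g_a = dh_keypair()
    n_i = secrets.token_bytes(16)
    b, g_b = dh_keypair()
    n_r = secrets.token_bytes(16)

    if mallory_psk is None:
        g_a_seen_by_bob, g_b_seen_by_alice = g_a, g_b
    else:
        m_to_bob, g_m_to_bob = dh_keypair()      # Mallory's DH value facing Bob
        m_to_alice, g_m_to_alice = dh_keypair()  # Mallory's DH value facing Alice
        g_a_seen_by_bob, g_b_seen_by_alice = g_m_to_bob, g_m_to_alice

    # Message 3: Alice authenticates the exchange as she saw it.
    hash_i = auth_tag(psk_alice, transcript(b"alice", g_a, g_b_seen_by_alice, n_i, n_r))
    if mallory_psk is not None:
        # Mallory replaces it with a tag over the values Bob actually saw.
        hash_i = auth_tag(mallory_psk, transcript(b"alice", g_a_seen_by_bob, g_b, n_i, n_r))
    bob_accepts = hmac.compare_digest(
        hash_i, auth_tag(psk_bob, transcript(b"alice", g_a_seen_by_bob, g_b, n_i, n_r)))

    # Message 4: Bob authenticates the exchange as he saw it.
    hash_r = auth_tag(psk_bob, transcript(b"bob", g_b, g_a_seen_by_bob, n_i, n_r))
    if mallory_psk is not None:
        hash_r = auth_tag(mallory_psk, transcript(b"bob", g_b_seen_by_alice, g_a, n_i, n_r))
    alice_accepts = hmac.compare_digest(
        hash_r, auth_tag(psk_alice, transcript(b"bob", g_b_seen_by_alice, g_a, n_i, n_r)))

    # Each side derives its DH secret from whatever public value it received.
    alice_key = pow(g_b_seen_by_alice, a, P)
    bob_key = pow(g_a_seen_by_bob, b, P)
    mallory_keys = None
    if mallory_psk is not None:
        mallory_keys = (pow(g_a, m_to_alice, P), pow(g_b, m_to_bob, P))
    return alice_accepts, bob_accepts, alice_key, bob_key, mallory_keys


def demo():
    """Three runs: honest, MITM holding the group key, MITM against a per-pair key."""
    group_psk = b"one-key-for-every-gateway"        # constructed
    pair_psk = b"key-known-only-to-alice-and-bob"   # constructed
    return {
        "honest": handshake(group_psk, group_psk),
        "group_key_mitm": handshake(group_psk, group_psk, mallory_psk=group_psk),
        "per_pair_key_mitm": handshake(pair_psk, pair_psk, mallory_psk=group_psk),
    }


if __name__ == "__main__":
    for name, (ok_a, ok_b, k_a, k_b, k_m) in demo().items():
        print(f"{name}: alice_accepts={ok_a} bob_accepts={ok_b} "
              f"same_key={k_a == k_b} mallory_has_both={k_m == (k_a, k_b)}")
```

In the group-key run both sides accept, yet the two secrets differ and Mallory holds each of them, which is exactly why "DH + pre-shared key" does not remove the man-in-the-middle once the key is shared with more than the two endpoints. The per-pair run rejects Mallory's forged tags, but it assumes each responder can pick the right per-peer key before the identity payload arrives; with Main Mode + pre-shared key that selection can only be made by IP address, which is the chicken-and-egg problem the thread is discussing.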


