Re: pre-shared key v RSA encryption or RSA signature authentication modes
Hi
As a researcher in cryptosystems and protocols, I would say that RSA-sig IKE
is much more powerful unless someone is using quantum computing attacks,
which are not feasible in the near future.
Ahmed Adas, member IETF, ACM, IEEE
alaadas@xxxxxxxxxxx
----- Original Message -----
From: <cdemar@xxxxxxxxx>
To: <ipsec@xxxxxxxxxxxxxxxxx>
Sent: 21 ????, 2002 12:16 ?
Subject: pre-shared key v RSA encryption or RSA signature authentication modes
> Dear ipsec-list,
>
> I just have a quick question for which I could not find any answers yet.
> Can someone tell whether the security strength of pre-shared key IKE
> authentication mode has been proven weaker than RSA-enc or RSA-sig IKE
> authentication mode ?
> Links would be much appreciated ...
>
> Many thanks,
>
> Claudine
>
> -----Original Message-----
> From: mshieh@xxxxxxxxxxxxx [mailto:mshieh@xxxxxxxxxxxxx]
> Sent: Wednesday, March 20, 2002 7:20 AM
> To: wdixon@xxxxxxxxxxxxxxxxxxxxx; tytso@xxxxxxx; ipsec@xxxxxxxxxxxxxxxxx
> Cc: iscsi-security@xxxxxxxxxxxxxxxxxx
> Subject: RE: Draft ipsec agendas
>
>
> Oops, I made a mistake on our product performance. It's 250Mb/s for single
> vpn session and 600Mb/s for aggregated vpn session, as stated in our
> marketing literature.
>
> Michael Shieh
>
> -----Original Message-----
> From: Michael Choung Shieh [mailto:mshieh@xxxxxxxxxxxxx]
> Sent: Tuesday, March 19, 2002 5:52 PM
> To: 'William Dixon'; Theodore Ts'o; ipsec@xxxxxxxxxxxxxxxxx
> Cc: iscsi-security@xxxxxxxxxxxxxxxxxx
> Subject: RE: Draft ipsec agendas
>
>
> William,
>
> I cannot open the link of the draft.
>
> For performance reasons, I would prefer tunnel mode since it requires fewer
> operations, and we only support tunnel mode.
>
> Our current products can support up to 350Mb/s for single TCP session and
> 1Gb/b for aggregate sessions. I think many vendors can do more than
> 100Mb/s these days.
>
> Michael Shieh
>
> -----Original Message-----
> From: William Dixon [mailto:wdixon@xxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, March 19, 2002 4:36 PM
> To: Theodore Ts'o; ipsec@xxxxxxxxxxxxxxxxx
> Cc: iscsi-security@xxxxxxxxxxxxxxxxxx
> Subject: RE: Draft ipsec agendas
>
>
> Ted, is there 2 or 3 minutes to update the IPsec WG on one outcome of
> the recent IP Storage using IPsec discussion ? I'm happy to squeeze in
> where someone finishes early. I mainly want to poll the audience of
> implementers to see what IPsec GW implementation can accept and run an
> IPSec tunnel SA for a single or aggregate of TCP connections at
> 100Mbits/sec & 1Gbit/sec 3DES/SHA1 for the following selector:
>
> Possible Quick Mode proposal of an IP storage initiator to IPSec GW:
>
> Src IP = initiator real IP
> Dst IP = target real IP (the target is behind the gateway, not the GW IP
> itself)
> Protocol = TCP
> Src Port = * or <dynamically allocated port>
> Dst Port = wellknown (e.g. 3260 for iSCSI)
>
> The polling of vendors is important to determine if the target community
> can achieve their goal of bolting on a commercial IPsec security gateway
> in front of a (single or group of) IP storage target(s), perhaps find
> those that could be used for interop testing in 3 months.
>
> I am still thinking transport mode is the more appropriate choice for
> securing IP Storage TCP connections, but nevertheless, we should
> determine if IPsec GW vendors can deal with a tunnel like this, and
> what the tunnel mode alternative is if they can't.
>
> Interested folks can see latest draft, but I don't think this version
> made cutoff for submission and isn't current with yesterday's discussion
> yet.
> http://www.drizzle.com/~aboba/RDMA/draft-ietf-ips-security-11.txt
>
> Thx,
> Wm
>
>