
Re: Secure legacy authentication for IKEv2



Hugo,

In EAP the identity request is optional, so if the server side somehow knows ahead of time the presumed identity of the peer (typical example is leased line), it could begin the EAP exchange with a challenge and complete in four. I'd also guess for EAP using CHAP/MD5 that a clever implementation could begin with the challenge if you knew that you'd be picking up the identity (out-of-band w.r.t. EAP) before you'd have to process the EAP response and you had a rich enough EAP API to be able to associate an identity with a pending EAP request. But that's a hack. And for OTP and tokens, this optimization isn't possible because you need the username to look up the sequence or generate the challenge. So in the general case, I don't see an obvious way to do this and preserve client identity protection.

Derrell

On Monday, December 23, 2002, at 04:26 PM, Hugo Krawczyk wrote:

PS: Question: you say that the SLA exchange with EAP must have 6 messages
at least. Aren't there EAP methods where the server (responder in SLA)
sends its challenge already in the first EAP message? In this case the
whole SLA exchange can be completed in 4 msgs rather than 6.
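The message-count question in this exchange can be made concrete with a small simulation of EAP carried inside IKE_AUTH. The following is an added example written for this archive page, not code from either poster or from any IKEv2 implementation. It keeps the RFC 3748 EAP Type values (Identity = 1, MD5-Challenge = 4, OTP = 5) and the CHAP computation for the MD5-Challenge response, MD5(Identifier || Secret || Challenge); the `Eap` dataclass, the `Server`/`Peer` classes, the SHA-256 hash-chain standing in for an RFC 2289 OTP sequence, the `make_users()` table and the `expect_oob_identity` / `oob_identity` parameters that model the "pick up the identity out-of-band" hack are all constructed for illustration. It shows why MD5-Challenge can start with the challenge (the challenge does not depend on who the peer is) while OTP cannot (the challenge embeds a per-user sequence number), and counts the resulting IKE_AUTH messages: six with an Identity round trip, four without.

```python
"""Toy model of EAP-in-IKE_AUTH message counts (constructed example)."""
import hashlib
import os
from dataclasses import dataclass
from typing import Optional

IDENTITY, MD5_CHALLENGE, OTP = 1, 4, 5   # EAP Type values from RFC 3748


@dataclass
class Eap:
    code: str            # "Request", "Response", "Success" or "Failure"
    eap_type: int = 0
    ident: int = 0       # EAP Identifier byte pairing a Response with its Request
    data: bytes = b""


def md5_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style MD5-Challenge response: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def hash_chain(seed: bytes, n: int) -> bytes:
    """Hash the seed n times: a toy stand-in for an RFC 2289 OTP sequence."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


def make_users() -> dict:
    """Constructed user table. MD5-Challenge verifies with the shared secret;
    the OTP verifier needs only the sequence number and last accepted OTP."""
    secret = b"s3cret"
    return {"alice": {"secret": secret, "seq": 5, "last": hash_chain(secret, 6)}}


class Peer:
    """Initiator-side EAP peer answering whatever the server asks."""

    def __init__(self, identity: str, secret: bytes):
        self.identity, self.secret = identity, secret

    def respond(self, req: Eap) -> Eap:
        if req.eap_type == IDENTITY:
            return Eap("Response", IDENTITY, req.ident, self.identity.encode())
        if req.eap_type == MD5_CHALLENGE:
            return Eap("Response", MD5_CHALLENGE, req.ident,
                       md5_response(req.ident, self.secret, req.data))
        if req.eap_type == OTP:
            seq = int(req.data.decode())
            return Eap("Response", OTP, req.ident, hash_chain(self.secret, seq))
        raise ValueError(f"unsupported EAP type {req.eap_type}")


class Server:
    """Responder-side EAP authenticator (hypothetical, for this model only)."""

    def __init__(self, method: int, users: dict, presumed_identity: Optional[str] = None,
                 expect_oob_identity: bool = False):
        self.method, self.users = method, users
        self.identity = presumed_identity        # known ahead of time (leased line case)
        self.expect_oob = expect_oob_identity    # the "hack": identity arrives out-of-band later
        self.challenge = b""
        self.next_id = 1

    def first_request(self) -> Eap:
        if self.identity in self.users:
            return self._challenge()             # identity known: skip the Identity round trip
        if self.method == MD5_CHALLENGE and self.expect_oob:
            return self._challenge()             # MD5 challenge is identity-independent
        return Eap("Request", IDENTITY, self.next_id)   # OTP needs the username first

    def _challenge(self) -> Eap:
        if self.method == MD5_CHALLENGE:
            self.challenge = os.urandom(16)
            return Eap("Request", MD5_CHALLENGE, self.next_id, self.challenge)
        seq = self.users[self.identity]["seq"]   # per-user state: identity required here
        return Eap("Request", OTP, self.next_id, str(seq).encode())

    def handle(self, resp: Eap, oob_identity: Optional[str] = None) -> Eap:
        if resp.eap_type == IDENTITY:
            self.identity = resp.data.decode()
            self.next_id += 1
            return self._challenge()
        if self.identity is None:
            self.identity = oob_identity         # bind the identity learned out-of-band
        user = self.users.get(self.identity)
        if user is None:
            raise LookupError("no identity available to verify the response")
        if resp.eap_type == MD5_CHALLENGE:
            ok = resp.data == md5_response(resp.ident, user["secret"], self.challenge)
        else:
            ok = hashlib.sha256(resp.data).digest() == user["last"]
            if ok:                               # advance the chain on success
                user["seq"], user["last"] = user["seq"] - 1, resp.data
        return Eap("Success" if ok else "Failure")


def run_ike_auth(server: Server, peer: Peer, oob_identity: Optional[str] = None) -> tuple:
    """Drive one EAP conversation and return (IKE_AUTH message count, authenticated).
    Counted: the initiator's first message, one message per EAP Request and
    Response, and the final message carrying Success or Failure."""
    count = 1
    req = server.first_request()
    while req.code == "Request":
        resp = peer.respond(req)
        count += 2
        req = server.handle(resp, oob_identity)
    return count + 1, req.code == "Success"
```

Running `run_ike_auth(Server(MD5_CHALLENGE, make_users()), Peer("alice", b"s3cret"))` gives the 6-message exchange; passing `presumed_identity="alice"`, or `expect_oob_identity=True` together with `oob_identity="alice"`, gives 4. With `OTP` the out-of-band variant still needs 6, because `first_request()` cannot build the challenge without the per-user sequence number.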