[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CRACK
On Fri, 22 Oct 1999 16:13:23 -0000 you wrote
>
> Howdy ()
Ola ()
> Is this protocol self defeating of it's own goal? The goal is to allow
> the use of legacy authentication methods in place of deploying a pki.
> Yet this protocol requires the pre-existance of a pki. Is the answer
> along the lines of "yeah, but this is a small and manageable pki"?
The goal is to allow clients to authenticate using legacy authentication
methods. That the gateway requires a trusted public key does not make it
a self-defeating protocol.
>
> In the crack draft, Section 2.2 says
>
> -- 2.2 Exchange Definition
>
> This exchange is motivated by the use of roaming IPSec-enabled
> clients which use legacy authentication methods for authentication
> instead of using a public key certificate.
Yes, the client does authenticates using the legacy authentication method.
> And section 3 says:
>
>
> 3. The Protocol
>
> This protocol uses digital signatures to bind each party to the
> exchange as well as to the secret keying material that results from
> the exchange. The signatures are verified because the peers trust
> each other's public keys. This trust is acquired differently for the
> client and the gateway. The client trusts the gateway's public key
> either because it came from a certificate which is signed by a
> trusted certification authority or because the client trusts it by
> some out-of-band mechanism (for instance it is loaded into his policy
> store prior to embarking on his voyage).
The client does not need a certificate. The gateway can. What is needed
is for the client to trust the gateway's public key. This is because "it
came from a certificate which is signed by a trusted certification authority
or because the client trusts it by some out-of-band mechanism." So a pki
(even a small scale one) is not needed. Just some trust.
Dan.