AW: CRACK

[Bungert Michael <Michael.Bungert@xxxxxxxxxxxxxxx>]

I followed the discussions around CRACK and I also would like to comment on
the remote access issue.

I think that the basic question with remote access solutions based on IPSec
is whether the customer is willing and able to employ an infrastructure to
securely distribute secrets to the remote clients on a per peer base (for
this question it doesn't matter if we talk about pre-shared keys or
public/private key pairs). 
If the answer to the question is yes then you should use IKE as it is for
remote access (modulo the problems with DoS or Main Mode with pre-shared
keys). 

If the answer is no and the company already has legacy methods in place then
a solution beyond IKE is necessary (although I don't like legacy
authentication methods). In my opinion the solution cannot be a 1.5 phase
(XAuth) that is built on IKE because from the assumption above it is clear
that the IKE exchange will not be secure (it has to use group keys or NULL
keys). Therefore, a new IKE exchange is necessary and this one should be
sound. In my opinion the available proposals (HYBRID, CRACK) do not offer an
optimal solution (e.g. HYBRID makes use of two exchanges and could be
optimized in a single exchange, CRACK defines a single exchange but as Tero
stated the first server signature should include the client's DH public
value and I do not see the reason for a digital signature on client side).

Therefore I would like to back Ted's opinion to step back for a moment and
clearly define the requirements for remote access with IPSec in order to
have a basis for a sound solution of the issue.

Michael