> In message <3815F49E.BFABF7C9@xxxxxxxxx>, Roy Pereira writes:That's not a bad idea in itself, although I'd rather not have the requirement
>
> >
> > Let me ask everyone who is interested; How do we support existing
> > legacy user authentication within IKE without using a PKI ?
>
> With a protocol that lets the customer download an encrypted private key/
> certificate pair from a server, followed by ordinary IKE.
>
> --Steve Bellovin
>A perfect lead-in for what I've been thinking about for some time
now :-)How about using an HTML forms based interaction over HTTPS between
a webserver and a user to accomplish what you state.Internet Intranet
|
| +--> Legacy Auth server
SSL/TLS protected | /
user =================== HTTPS <---+
server
|
|This interaction can easily accomodate legacy user auth mechanisms
like SecureID, DES Gold, OTP, CHAP because the HTTPS server has access
to authentication tokens in the clear. Even multiple rounds don't
pose a problem. After the Auth server responds with "OK", the
HTTP server can squirt out a special MIME datatype and the browser
could be set up to automatically invoke the IKE daemon (or companion
software) to handle that MIME type. The HTTPS may need to coordinate
with the IPSec gateway on the Intranet side.This could be a reasonable solution for the road warrior VPN scenario.
I've heard Paul Hoffman use the term "user authentication in Phase 0.5"
for an approach like this (in contrast to Hybrid's Phase 1.5).(Maybe now's a good time to go look for that fire extingusher :-)).
vipul
However, let me quote an earlier email that I sent:
There's another architectural thing you should consider. What about modifying the protocol so that when the server starts believing in the authenticity of the client, the server issues the client's public key a certificate? This certificate would have a very limited life-time, just enough for the purpose at hand. It would be transported to the client in the 'last' message, whatever that is. Although this creates more public key operations, the legacy authentication functionality could be located on a different physical box than the actual security gateway.. This achieves a very similar function to the Kerberos ticket granting server, and the certificate is similar to Kerberos tickets. You'd of course have to set up the trust relations appropriately. There could also exist "one time certificates" that can be used only once during their life-time to gain access, similar to one time passwords. Some way or another they would be revoked the moment they are used.
If you wanted, you could transport such a certificate through HTTPS
to the client.
Although, as said, I'd rather not have HTTPS in the picture.
--
Ari Huttunen
phone: +358 9 859 900
Senior Software Engineer fax
: +358 9 8599 0452
Data Fellows Corporation http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security