Re: User-level Authentication Mechanisms for IPsec
Moshe Litvin wrote:
> Don't try to paint it as if you have a technically superior solution. You have a
> direction of thought, CRACK is an inferior protocol (DoS). Your direction can be
> completed, CRACK can be fixed, but the big question is: why?
>
> Until now no one has shown that if and when this effort is done, we will
> get something that is significantly better than hybrid.
>
> Moshe
You are right that CRACK currently is horrible against DoS attacks. However,
I'd rank hybrid as only bad against DoS attacks. (*) If we agree that resistance
against DoS attacks is important, we should design something that is resistant.
As I see it, currently the best mode against DoS attacks (by far) is base mode.

In an earlier email I showed how to modify CRACK so that you gain DoS
resistance. The result is similar to base mode with signature authentication and
hybrid combined into one. I'm not claiming it's secure, but I do claim it's
relatively resistant against DoS attacks. It could be made even more resistant
by making it stateless as far as the gateway is concerned. In an even earlier email
I similarly 'showed' how to make base mode more DoS resistant in that way.

So one task for the WG would be to decide if resistance to DoS attacks
is important, and if so, how important. I claim it is very important.

(*) Hybrid is just as bad against DoS attacks as the modes it modifies. There's
a draft (expired?) by Simpson showing several attacks against these modes.
I've noted that it is very politically incorrect to refer to Simpson in these WGs,
but I'd rather not have some personal conflicts, or whatever, be in the way
of creating good protocols.
--
Ari Huttunen                 phone: +358 9 859 900
Senior Software Engineer     fax:   +358 9 8599 0452
Data Fellows Corporation     http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security