[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: l2tp as ipsra solution

To: "CHINNA N.R. PELLACURU" <pcn@xxxxxxxxx>
Subject: Re: l2tp as ipsra solution
From: Hugo Krawczyk <hugo@xxxxxxxxxxxxxxxxx>
Date: Tue, 20 Jun 2000 12:23:04 +0300 (IDT)
Cc: IPSRA list <ietf-ipsra@xxxxxxxx>
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Reply-to: Hugo Krawczyk <hugo@xxxxxxxxxxxxxxxxx>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

On Tue, 13 Jun 2000, CHINNA N.R. PELLACURU wrote:

> As I pointed out before, all the legacy authentication mechanisms that I
> have come to know, use symmetric key cryptography, where there has to be a
> pre-shared secret between the user and the authenticating device,
> (whether it is explicit like in passwords, or whether it is implicit as
> in token systems).
> 
> IKE supports this form of authentication via pre-shared key
> authentication. And as I said before, it doesn't make sense to do a
> challenge-response like legacy systems do, within the context of IKE,
> because all you are really concerned about is authenticating the DH, and
> other stuff. So, as I already pointed out, I see it as more a problem of
> the legacy authentication systems, because most (all?) of them don't
> provide an interface to get this shared secret, so that IKE can do it's
> pre-shared key authentication. I see this more as an implementation issue,
> not a protocol issue. I guess this can be considered a protocol issue for
> the legacy authentication systems that want to support IKE.
> 
>     chinna

For the (typical) cases where the legacy secret is human-memorizable 
(a password, or information derived from a password) then even if IKE 
had access to the the secret, using this password as the pre-shared 
secret in pre-shared mode would be insecure. It would be open to 
off-line dictionary attacks!  So avoiding the use of the legacy 
authentication secret with pre-shared mode of IKE is not just an 
implementation issue but also an essentil security consideration.

There have been several questions in this list regarding the meaning of 
"user authentication".  From a cryptographic point of view the short 
(low entropy) secret that (human) users use is the main line separating 
"user authentication" from "machine authentication".
Of course, there is another important security aspect of "user authentication" 
which is the granularity of policy decisions that you can make at the 
level of individual users.

Hugo

Follow-Ups:
- Re: l2tp as ipsra solution
  - From: CHINNA N.R. PELLACURU

References:
- Re: l2tp as ipsra solution
  - From: CHINNA N.R. PELLACURU

Prev by Date: RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
Next by Date: Re: l2tp as ipsra solution
Previous by thread: Re: l2tp as ipsra solution
Next by thread: Re: l2tp as ipsra solution
Index(es):
- Date
- Thread