Re: l2tp as ipsra solution
On Tue, 20 Jun 2000, CHINNA N.R. PELLACURU wrote:
> I don't think cryptographically there is any difference between using the
> legacy authentication secret directly as a pre-shared key and the other
> proposal of PIC protocol type of pre IKE phase usage, because
I hope that my answer to your other message clarifies this too.
There is a difference and it is a HUGE one.
The password-based pre-shared key is INSECURE (as it succumbs to off-line
guessing attacks).
The PIC kind of authentication is SECURE (in particular it resists
the off-line attacks and authenticates the whole key-exchange not just
the source).
Hugo
> cryptographically in both systems the weakest link is the legacy
> authentication system, and all you are concerned about is the weakest
> link, and it does not matter if you do RSA or DSS later and do DH group
> 10, because your initial trust is predicated on the legacy authentication
> system. The PIC protocol just adds another layer of protocol above IKE,
> and that is all it is doing differently. It also doesn't make any
> difference whether the AS is using RSA or DSS to authenticate to the
> client, because it will authenticate to any incoming client whether it is
> a legitimate client or not.
>
> chinna
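The cryptographic difference Hugo is pointing at, as an added toy model that is not code from this thread or from any IKE, L2TP or PIC implementation: in design (a) the IKE pre-shared key is derived from the legacy password and the authenticator is sent in the clear, as in aggressive mode, so every input to it except the password is on the wire and a passive observer can test candidate passwords against the transcript offline; in design (b), modelled on the PIC approach, the access server (AS) first signs a Diffie-Hellman exchange and the password is only ever used under the resulting channel key, so testing a candidate requires the DH secret, and a party that cannot produce the AS signature never sees a password authenticator at all. The group prime, the RSA keys, the message layout and all function names (`psk_exchange`, `pic_exchange`, `eavesdropper_recovers`, and so on) are my own constructed simplifications, not values or names from any standard.

```python
"""Toy comparison of a password-derived IKE pre-shared key (a) with a
PIC-style signed-DH-then-password design (b).  Added illustration; every
parameter below is toy sized and constructed, not for real use."""
import hashlib
import hmac
import secrets

# Constructed toy DH group (a known large prime, generator 2).  NOT for real use.
P = 2**255 - 19
G = 2

# Constructed toy RSA keys (Mersenne-prime factors).  NOT for real use.
_p, _q = 2**31 - 1, 2**61 - 1
AS_PUB = (_p * _q, 65537)                                   # genuine AS key
AS_PRIV = (_p * _q, pow(65537, -1, (_p - 1) * (_q - 1)))
_p2, _q2 = 2**89 - 1, 2**107 - 1
IMPOSTOR_PRIV = (_p2 * _q2, pow(65537, -1, (_p2 - 1) * (_q2 - 1)))


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def dh_keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def password_to_psk(password: str) -> bytes:
    # The proposal under discussion: use the legacy secret as the IKE PSK.
    return hashlib.sha256(password.encode()).digest()


# --- (a) password-derived PSK, aggressive-mode-like authenticator in the clear
def psk_exchange(password: str) -> dict:
    """Return only what a passive eavesdropper sees on the wire."""
    xi, gxi = dh_keypair()
    xr, gxr = dh_keypair()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    skeyid = prf(password_to_psk(password), ni + nr)
    hash_i = prf(skeyid, i2b(gxi) + i2b(gxr) + ni + nr)
    return {"gxi": gxi, "gxr": gxr, "ni": ni, "nr": nr, "hash_i": hash_i}


def psk_guess_verifiable(view: dict, candidate: str, channel_key=None) -> bool:
    """Every input to HASH_I except the password is public, so a candidate
    can be checked from the transcript alone (channel_key is unused)."""
    skeyid = prf(password_to_psk(candidate), view["ni"] + view["nr"])
    guess = prf(skeyid, i2b(view["gxi"]) + i2b(view["gxr"]) + view["ni"] + view["nr"])
    return hmac.compare_digest(guess, view["hash_i"])


# --- (b) PIC-style: AS signs the DH exchange, password used only inside it
def rsa_sign(msg: bytes, priv) -> int:
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)


def rsa_verify(msg: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def pic_exchange(password: str, signer=None):
    """Client and AS run DH; the AS signs both public values; the client only
    releases a password authenticator if the signature verifies under the
    genuine AS key.  Returns (eavesdropper view, channel key) or None if the
    client aborts."""
    signer = signer or (lambda m: rsa_sign(m, AS_PRIV))
    xc, gxc = dh_keypair()
    xs, gxs = dh_keypair()
    transcript = i2b(gxc) + i2b(gxs)
    sig = signer(transcript)
    if not rsa_verify(transcript, sig, AS_PUB):
        return None                      # impostor AS: nothing password-derived is sent
    k = hashlib.sha256(i2b(pow(gxs, xc, P))).digest()   # known to client and AS only
    return {"gxc": gxc, "gxs": gxs, "sig": sig, "auth": prf(k, password.encode())}, k


def pic_guess_verifiable(view: dict, candidate: str, channel_key=None) -> bool:
    """Checking a candidate needs k; deriving k from gxc and gxs alone is the
    Diffie-Hellman problem, so an eavesdropper (channel_key=None) cannot."""
    if channel_key is None:
        return False
    return hmac.compare_digest(prf(channel_key, candidate.encode()), view["auth"])


def eavesdropper_recovers(view: dict, candidates, verify):
    """Does the transcript act as an offline password verifier?  Returns the
    matching candidate, or None when the transcript cannot confirm any guess."""
    for c in candidates:
        if verify(view, c):
            return c
    return None


if __name__ == "__main__":
    words = ["letmein", "hunter2", "password"]        # constructed sample list
    print("PSK transcript confirms:", eavesdropper_recovers(psk_exchange("hunter2"), words, psk_guess_verifiable))
    view, _k = pic_exchange("hunter2")
    print("PIC transcript confirms:", eavesdropper_recovers(view, words, pic_guess_verifiable))
    print("PIC with impostor AS:", pic_exchange("hunter2", signer=lambda m: rsa_sign(m, IMPOSTOR_PRIV)))
```

The two `*_guess_verifiable` functions share one signature so the same `eavesdropper_recovers` check runs over both transcripts: design (a) returns the password from the transcript alone, design (b) returns nothing, and with an impostor signing the DH values the client aborts before any password-derived value exists on the wire. That second property is what "authenticates the whole key-exchange, not just the source" buys: the AS answering any client, as chinna notes, does not hand an attacker an offline verifier, only the online guesses the AS itself can throttle.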