Re: l2tp as ipsra solution
On Wed, 21 Jun 2000, Hugo Krawczyk wrote:
>
>
> On Tue, 20 Jun 2000, CHINNA N.R. PELLACURU wrote:
>
> > I don't think cryptographically there is any difference between using the
> > legacy authentication secret directly as a pre-shared key and the other
> > proposal of PIC protocol type of pre IKE phase usage, because
>
> I hope that my answer to your other message clarifies this too.
> There is a difference and it is a HUGE one.
> The password-based pre-shared key is INSECURE (as it succumbs to off-line
> guessing attacks).
> The PIC kind of authentication is SECURE (in particular it resists
> the off-line attacks and authenticates the whole key-exchange not just
> the source).
>
> Hugo
So, the PIC protocol only adds value if the customer is using historic
legacy authentication protocols, like PAP, that are vulnerable to passive
(just listen on the authentication as opposed to hacking the legacy
authentication server) off-line dictionary attacks. But if the customer is
using what normally any customer would use, which is a more sophisticated
password based mechanism, that is secure enough, and is only vulnerable to
an on-line attack, then PIC protocol doesn't add any value.
So, the suggestion is that the customer set up another Authentication
Server (AS), so that he can use his historic insecure password mechanisms.
As I pointed out before, any customer who is still using a legacy
authentication system that is vulnerable to passive off-line attacks is
not going to migrate to IPSec anytime in the foreseeable future.
chinna
>
> > cryptographically in both systems the weakest link is the legacy
> > authentication system, and all you are concerned about is the weakest
> > link, and it does not matter if you do RSA or DSS later and do DH group
> > 10, because your initial trust is predicated on the legacy authentication
> > system. The PIC protocol just adds another layer of protocol above IKE,
> > and that is all it is doing differently. It also doesn't make any
> > difference whether the AS is using RSA or DSS to authenticate to the
> > client, because it will authenticate to any incoming client whether it is
> > a legitimate client or not.
> >
> > chinna
>
>
chinna narasimha reddy pellacuru
s/w engineer
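As an added illustration of the on-line versus off-line distinction argued in this thread (example code written for this page, not from either poster or from the PIC draft), the toy below models the two designs side by side. Design A uses the password directly as the pre-shared key and authenticates the exchange with an HMAC over public nonces, so a passive observer can test a candidate password against a recorded transcript without ever contacting the server. Design B stands in for the PIC approach: the legacy credential is only ever used under a key the client first sets up with the Authentication Server (AS), so the public transcript carries nothing an observer can recompute from a guess, and every guess has to go through the AS on-line, where a failure counter and lockout apply. The key derivation, the channel key (a fresh random secret in place of PIC's DH-derived, server-authenticated key), the `LegacyAuthServer` class and all user names and passwords are constructed assumptions for the example.

```python
import hashlib
import hmac
import os

# ---- Design A: the password itself is the IKE pre-shared key -----------------
# Both peers derive the PSK from the password and prove possession with an HMAC
# over nonces that cross the wire in the clear. Everything needed to recompute
# the authenticator, except the password, is public.

def derive_psk(password: str) -> bytes:
    # Toy derivation (assumption); what matters is that it depends only on the password.
    return hashlib.sha256(b"psk|" + password.encode()).digest()

def psk_authenticator(password: str, nonce_i: bytes, nonce_r: bytes) -> bytes:
    return hmac.new(derive_psk(password), nonce_i + nonce_r, hashlib.sha256).digest()

def psk_exchange(password: str) -> dict:
    """Returns what a passive observer records: both nonces and the authenticator."""
    nonce_i, nonce_r = os.urandom(16), os.urandom(16)
    return {"nonce_i": nonce_i, "nonce_r": nonce_r,
            "auth": psk_authenticator(password, nonce_i, nonce_r)}

def psk_observer_can_verify(transcript: dict, candidate: str) -> bool:
    """Off-line check: the observer recomputes the authenticator for a candidate
    password from the recorded transcript alone. No message reaches the server,
    so nothing on the server side can notice, throttle or log the attempt."""
    expected = psk_authenticator(candidate, transcript["nonce_i"], transcript["nonce_r"])
    return hmac.compare_digest(expected, transcript["auth"])

# ---- Design B: PIC-style, legacy credential used only inside a protected channel
# The client first sets up a key with the AS. Here that key is modelled as a
# fresh random secret shared by client and AS only (assumption), standing in for
# the DH-derived, server-authenticated key of PIC. The password is used only
# under that key, so the public transcript carries no value an observer can
# recompute from a candidate password.

def pic_exchange(user: str, password: str) -> tuple:
    channel_key = os.urandom(32)  # known to client and AS, never to the observer
    proof = hmac.new(channel_key, password.encode(), hashlib.sha256).digest()
    return channel_key, {"user": user, "proof": proof}   # second item is what the observer sees

class LegacyAuthServer:
    """Toy AS holding plaintext legacy passwords (as a PAP backend would) and
    enforcing the one control that works against on-line guessing: a per-user
    failure counter with lockout, which also gives the defender an audit trail."""

    def __init__(self, passwords: dict, max_failures: int = 3):
        self._passwords = passwords
        self.max_failures = max_failures
        self.failures = {}

    def verify(self, user: str, channel_key: bytes, proof: bytes) -> bool:
        if self.failures.get(user, 0) >= self.max_failures:
            return False  # locked out: every further guess is refused
        stored = self._passwords.get(user)
        expected = hmac.new(channel_key, (stored or "").encode(), hashlib.sha256).digest()
        ok = stored is not None and hmac.compare_digest(expected, proof)
        if not ok:
            self.failures[user] = self.failures.get(user, 0) + 1
        return ok

def online_guesses_seen_by_as(server: LegacyAuthServer, user: str, candidates) -> int:
    """Counts how many guesses the AS actually processes before locking the user.
    The AS sets up a channel with any client (as the thread notes), so guessing is
    possible, but unlike design A each guess is an on-line exchange the AS sees."""
    attempts = 0
    for cand in candidates:
        if server.failures.get(user, 0) >= server.max_failures:
            break
        key = os.urandom(32)  # a fresh channel per attempt
        proof = hmac.new(key, cand.encode(), hashlib.sha256).digest()
        attempts += 1
        server.verify(user, key, proof)
    return attempts

if __name__ == "__main__":
    t = psk_exchange("winter2000")                    # constructed password
    print("design A, observer confirms guess off-line:", psk_observer_can_verify(t, "winter2000"))
    srv = LegacyAuthServer({"alice": "winter2000"}, max_failures=3)
    print("design B, guesses the AS saw before lockout:",
          online_guesses_seen_by_as(srv, "alice", ["a", "b", "c", "d", "e"]))
```

The contrast the thread turns on is visible in the two transcripts: design A's `auth` is a function of the password and of public data, so the observer's check needs no server; design B's `proof` is keyed by a secret the observer never holds, so the only route is through `LegacyAuthServer.verify`, where the failure counter is exactly the place to add logging, throttling and alerting.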