Re: On ipsra authentication options
On Fri, 23 Jun 2000, CHINNA N.R. PELLACURU wrote:
> In L2TP/IPSec, a possibly low entropy password based legacy authentication
> is protected by a standard IKE phase1, which could be any of the standard
> authentication modes.
>
> I don't see the need to design yet another protocol.
>
> chinna
>
I'll try one more time:
Please consider the following IPSRA REQUIREMENT as I mentioned in my
previous message:
> Solutions based on legacy-user-authentication-ONLY MUST be provided
or in other words:
The ipsra wg MUST provide a user authentication solution that DOES NOT
ASSUME that the client (either user or machine) has a strong secret.
If you do not agree with this requirement just say that and try to get
WG consensus on eliminating it. In the meantime I am assuming this IS
a requirement.
My arguments (as I already explained) are strongly based on this
requirement (and, again, this reqt does not exclude solutions that
accommodate strong-secret authentication; all the reqt is saying
is that there MUST be a solution for the case where the strong secret
does not exist).
Now, the following is an absolute fact, not a personal opinion
or anything subject to WG agreement:
THERE IS NO IKE MODE THAT CAN PROVIDE A SOLUTION THAT SATISFIES
THE ABOVE REQUIREMENT
Note that your proposal to run regular IKE and then L2TP assumes that one
of the current authentication modes of IKE can be used in this context.
Since all the IKE modes assume a strong secret at BOTH sides then your
solution is NOT fulfilling the above requirement.
So, if you want to keep your proposal on the WG's table you have to
CONVINCE THE WG TO EITHER:
* drop the above requirement (i.e. convince the WG to MANDATE that all
ipsra authentication uses a strong secret at the client)
OR
* to accept changes of IKE (by adding a new one-way-authentication mode to
phase 1)
Hugo