Re: FCIP and iFCP Keying Problem

["Franco Travostino" <travos@nortelnetworks.com>]

Both FCIP and iFCP intend to require:

        - IKE with pre-shared keys MUST implement
        - IKE with public-key based keys MAY implement
        - IKE Main Mode MUST implement
        - IKE Aggressive Mode MAY implement

That's not acceptable because the result of combining
the two mandatory (MUST) mechanisms is vulnerable to a
man-in-the-middle attack.

Clarification:

I realize that in the (main mode, pre-shared key) variant the endpoints'
identities can only be IP addresses due to a chicken-and-egg problem (and
rfc2409 confirms this). I also realize that this variant is
useless in the presence of DHCP-assigned IP addresses (which is
not our case, as we only work with static IP addresses). A DH is
obviously vulnerable to a MIM attack, but a DH + pre-shared key
intuitively shouldn't. And I don't think we worry about identities being
revealed. What am I missing? (rfc2409 has single-handedly neutralized the
few brain cells that I've left).

-franco

Franco Travostino, Director Content Internetworking Lab
Advanced Technology Investments
Nortel Networks, Inc.
600 Technology Park
Billerica, MA 01821 USA
Tel: 978 288 7708 Fax: 978 288 4690
email: travos@nortelnetworks.com