|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: FCIP and iFCP Keying ProblemResending as I didn't see this come through - apologies if it's a duplicate. --David > -----Original Message----- > From: Black, David (MKT Hopkinton) > Sent: Friday, September 07, 2001 6:28 PM > To: Black, David (MKT Hopkinton); ips@ece.cmu.edu > Subject: RE: FCIP and iFCP Keying Problem > > > Filling in a couple of missing pieces here: > > - See Section 4.4 of draft-aboba-ips-iscsi-security-00.txt > for more details on the man-in-the-middle vulnerability. > That vulnerability is based on the use of group pre-shared > keys. > - My strong language below is based in part on an > assumption that banning group pre-shared keys is > unworkable in practice. Key management is a pain, > and use of group pre-shared keys simplifies it, even > though it has some security costs. > > Questioning the latter assumption is reasonable, but I'll > point out that group pre-shared (vs. per session pre-shared) > keys are a fact of life in current IPsec deployment/management, > and even turn up in the absence of dynamic IP address > assignment. The reason the text in my previous message > just said "pre-shared keys" rather than "group pre-shared keys" > is that there may be no way for a participant in an IKE > session to know whether the pre-shared key was shared only > among the two endpoints of the session or with other parties. > > Thanks, > --David > > > -----Original Message----- > > From: Black_David@emc.com [mailto:Black_David@emc.com] > > Sent: Friday, September 07, 2001 4:34 PM > > To: ips@ece.cmu.edu > > Subject: FCIP and iFCP Keying Problem > > Importance: High > > > > > > Both FCIP and iFCP intend to require: > > > > - IKE with pre-shared keys MUST implement > > - IKE with public-key based keys MAY implement > > - IKE Main Mode MUST implement > > - IKE Aggressive Mode MAY implement > > > > That's not acceptable because the result of combining > > the two mandatory (MUST) mechanisms is vulnerable to a > > man-in-the-middle attack. > > > > If IKE with pre-shared keys is "MUST implement" (which > > makes sense, as it's the simplest IKE authentication > > mechanism), then: > > - IKE Aggressive Mode needs to be "MUST implement" > > - Use of IKE Main Mode with pre-shared keys needs > > to be "SHOULD NOT use" or "MUST NOT use". > > Alternatively, if IKE Aggressive Mode remains "MAY implement", > > then: > > - IKE with signature authentication based on public > > keys needs to be "MUST implement" along with > > some certificate usage guidelines. > > - Pre-Shared keys needs to be "MAY implement" (can't > > be any stronger than the requirement for > > IKE Aggressive Mode). > > - Use of IKE Main Mode with pre-shared keys needs > > to be "SHOULD not use" or "MUST not use". > > > > Changing IKE to remove the Main Mode vulnerability > > with pre-shared keys is not a viable approach. > > > > Sorry, > > --David > > > > --------------------------------------------------- > > David L. Black, Senior Technologist > > EMC Corporation, 42 South St., Hopkinton, MA 01748 > > +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 > > black_david@emc.com Mobile: +1 (978) 394-7754 > > --------------------------------------------------- > > >
Home Last updated: Fri Sep 07 20:17:12 2001 6457 messages in chronological order |