RE: FCIP and iFCP Keying Problem

To: travos@nortelnetworks.com, ips@ece.cmu.edu
Subject: RE: FCIP and iFCP Keying Problem
From: Black_David@emc.com
Date: Fri, 7 Sep 2001 19:07:57 -0400
Content-Type: multipart/alternative;boundary="----_=_NextPart_001_01C137F1.EE8BCD30"
Sender: owner-ips@ece.cmu.edu

> I realize that in the (main mode, pre-shared key) variant

> the endpoints' identities can only be IP addresses due to

> a chicken-and-egg problem (and rfc2409 confirms this).

> I also realize that this variant is useless in the presence

> of DHCP-assigned IP addresses (which is not our case, as

> we only work with static IP addresses).

I'm not sure I believe the parenthetical comment about only

working with static IP addresses. I suspect a "MUST NOT use

DHCP-assigned IP addresses" restriction wouldn't make it

through the IESG.

> A DH is obviously vulnerable to a MIM attack, but a

> DH + pre-shared key intuitively shouldn't.

Suppose the MIM is part of the group that has the pre-shared key.

The MIM attack on DH is once again possible.

> And I don't think we worry about identities being revealed.

I agree, otherwise I wouldn't be suggesting Aggressive Mode

(which reveals identities) as a MUST.

--David

-----Original Message-----
From: Franco Travostino [mailto:travos@nortelnetworks.com]
Sent: Friday, September 07, 2001 7:15 PM
To: Black_David@emc.com; ips@ece.cmu.edu
Subject: Re: FCIP and iFCP Keying Problem

Both FCIP and iFCP intend to require:

        - IKE with pre-shared keys MUST implement
        - IKE with public-key based keys MAY implement
        - IKE Main Mode MUST implement
        - IKE Aggressive Mode MAY implement

That's not acceptable because the result of combining
the two mandatory (MUST) mechanisms is vulnerable to a
man-in-the-middle attack.

Clarification:

I realize that in the (main mode, pre-shared key) variant the endpoints' identities can only be IP addresses due to a chicken-and-egg problem (and rfc2409 confirms this). I also realize that this variant is useless in the presence of DHCP-assigned IP addresses (which is not our case, as we only work with static IP addresses). A DH is obviously vulnerable to a MIM attack, but a DH + pre-shared key intuitively shouldn't. And I don't think we worry about identities being revealed. What am I missing? (rfc2409 has single-handedly neutralized the few brain cells that I've left).

-franco

Franco Travostino, Director Content Internetworking Lab
Advanced Technology Investments
Nortel Networks, Inc.
600 Technology Park
Billerica, MA 01821 USA
Tel: 978 288 7708 Fax: 978 288 4690
email: travos@nortelnetworks.com

Prev by Date: RE: FCIP and iFCP Keying Problem
Next by Date: RE: iFCP: security position
Prev by thread: RE: FCIP and iFCP Keying Problem
Next by thread: RE: FCIP and iFCP Keying Problem
Index(es):
- Date
- Thread

Home

Last updated: Sat Sep 08 00:17:27 2001
6463 messages in chronological order