IETF Logo Mail Archive

Re: [IPsec] Proposed work item: IKEv2 password authentication (SPSK) - NO

Yaron Sheffer <yaronf@checkpoint.com> Wed, 02 December 2009 08:31 UTC

Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A5B13A6A73 for <ipsec@core3.amsl.com>; Wed, 2 Dec 2009 00:31:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.555
X-Spam-Level:
X-Spam-Status: No, score=-3.555 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2SRyKOqXBbo for <ipsec@core3.amsl.com>; Wed, 2 Dec 2009 00:31:26 -0800 (PST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id AAFCE3A6A6C for <ipsec@ietf.org>; Wed, 2 Dec 2009 00:31:25 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id nB28VDGp006174; Wed, 2 Dec 2009 10:31:16 +0200 (IST)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 2 Dec 2009 10:31:20 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: Dan Harkins <dharkins@lounge.org>
Date: Wed, 02 Dec 2009 10:31:19 +0200
Thread-Topic: [IPsec] Proposed work item: IKEv2 password authentication (SPSK) - NO
Thread-Index: AcpyXwYMm4++7XALR+ySTez+dGUrlgAx16OA
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF88E08A5@il-ex01.ad.checkpoint.com>
References: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF88E04F2@il-ex01.ad.checkpoint.com> <a70eac2cf1d8cc1b743fb05aadf791b9.squirrel@www.trepanning.net> <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF88E06DD@il-ex01.ad.checkpoint.com> <402d5ea50fcadec3d66a41f63fd1b9df.squirrel@www.trepanning.net>
In-Reply-To: <402d5ea50fcadec3d66a41f63fd1b9df.squirrel@www.trepanning.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] Proposed work item: IKEv2 password authentication (SPSK) - NO
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2009 08:31:27 -0000

Hi Dan,

Responding to your last point:

The alternatives for EAP-PWD (a.k.a. SPSK), namely EKE, SRP and PAK, have all been published outside the IETF and peer-reviewed by the relevant community: cryptographers, mainly of the academic kind. I highly appreciate the expertise we have at the IPsecME WG and at the CFRG. But if we're adding a new security mechanism to a major IETF security protocol, this level of expertise is insufficient. Anything we do will STILL need to be reviewed by CFRG - both EAP-EKE and EAP-PWD have had holes punched into them by these people. But it would be irresponsible to ONLY have this limited level of review.

Regarding the process at the EMU side of the house, I share your frustration...

Thanks,
	Yaron

> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@lounge.org]
> Sent: Tuesday, December 01, 2009 10:19
> To: Yaron Sheffer
> Cc: Dan Harkins; ipsec@ietf.org
> Subject: Re: [IPsec] Proposed work item: IKEv2 password authentication
> (SPSK) - NO
> 
> 
>   Yaron,
> 
>   It is important for you to state what problem you're trying to solve.
> That problem is, simply, password-only authentication. To bring up the
> motivation for adding EAP to IKEv2 is quite irrelevant since EAP in IKEv2
> today involves server-side authentication using a certificate.
> 
>   You want to do password authentication in IKE. Period. Full stop. And to
> do that you want to add a pointless encapsulation. And you want to do it
> with twice as many messages. And you want to require each side to
> implement
> both the client- and server-side state machines for this "solution" to
> be useful in the use cases defined in IKEv2.
> 
>   It seems to me that you need to justify why such EXTRA work is necessary
> when a simpler way of solving your problem is available. Don't just say
> "it doesn't make sense", justify why you are proposing more, extraneous
> work.
> 
>   Furthermore, I would be very interested in why you feel that a WG in
> the Security Area of the IETF is not the place to define cryptographic
> protocols and that it would be more appropriate for a WG in the Security
> Area to just use a protocol from the Network Area with protocols defined
> as individual submissions.
> 
>   Dan.
> 
> On Mon, November 30, 2009 10:46 pm, Yaron Sheffer wrote:
> > Hi everyone,
> >
> > [WG co-chair hat off]
> >
> > I believe this effort is misguided, and would be a waste of the WG time.
> >
> > EAP was added to IKEv2 to provide "legacy" (a.k.a. password)
> > authentication. In the past it did not do it very well, but this is
> > changing. We should improve the use of EAP in IKEv2, rather than
> replacing
> > it by a homebrew solution.
> >
> > Specifically, the following EAP methods can be used today (or in the
> near
> > future) for mutual password-based auth:
> >
> > - Dan's own EAP-PWD,
> > http://tools.ietf.org/html/draft-harkins-emu-eap-pwd-12
> > - My EAP-EKE, http://tools.ietf.org/html/draft-sheffer-emu-eap-eke-03
> > - The long expired EAP-SRP,
> > http://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03
> > - A rumored EAP method based on the PAK protocol
> > (http://tools.ietf.org/html/draft-brusilovsky-pak-10)
> >
> > Embedding one of these methods as the single way to do mutual auth in
> IKE
> > simply doesn't make sense.
> >
> > In addition, SPSK (which is equivalent to EAP-PWD) is a novel crypto
> > protocol. It has had by far the least crypto review than the other three
> > protocols. IMHO, this working group should NOT be developing new
> > cryptographic protocols. This is not where our expertise lies.
> >
> > Lastly, one of the major criticisms with IKEv1 was the number of
> protocol
> > modes. And here we are, with a proposal to add another mode to IKEv2.
> > Doesn't seem like a good idea to me.
> >
> > Thanks,
> > 	Yaron
> >
> >
> >> -----Original Message-----
> >> From: Dan Harkins [mailto:dharkins@lounge.org]
> >> Sent: Tuesday, December 01, 2009 1:35
> >> To: Yaron Sheffer
> >> Cc: ipsec@ietf.org
> >> Subject: Re: [IPsec] Proposed work item: IKEv2 password authentication
> >> (SPSK)
> >>
> >>
> >>   Hello,
> >>
> >>   As can be inferred by my previous posting on EAP-only authentication,
> >> I favor this particular method for mutual authentication.
> >>
> >>   I believe this is a general purpose exchange, useful for more than
> the
> >> narrow focus of EAP-only, does not require extraneous encapsulations or
> >> unnecessary code (ala EAP-only), and is secure regardless of its use
> >> (unlike EAP-only).
> >>
> >>   I am committed to working on this as a WG work item. I agree to
> >> continue
> >> contributing to the text and (co-)authoring the text. I solicit help,
> >> and
> >> support, from those who are interested in this task.
> >>
> >>   regards,
> >>
> >>   Dan.
> >>
> >> On Sun, November 29, 2009 9:20 am, Yaron Sheffer wrote:
> >> > This draft proposes a particular method for mutual authentication of
> >> IKEv2
> >> > peers using a short, low quality shared secret (a.k.a. "password").
> >> The
> >> > proposal is to embed this method in the IKE exchange, rather than use
> >> EAP.
> >> >
> >> > Proposed starting point:
> >> > http://tools.ietf.org/id/draft-harkins-ipsecme-spsk-auth-00.txt.
> >> >
> >> > Please reply to the list:
> >> >
> >> > - If this proposal is accepted as a WG work item, are you committing
> >> to
> >> > review multiple versions of the draft?
> >> > - Are you willing to contribute text to the draft?
> >> > - Would you like to co-author it?
> >> >
> >> > Please also reply to the list if:
> >> >
> >> > - You believe this is NOT a reasonable activity for the WG to spend
> >> time
> >> > on.
> >> >
> >> > If this is the case, please explain your position. Do not explore the
> >> fine
> >> > technical details (which will change anyway, once the WG gets hold of
> >> the
> >> > draft); instead explain why this is uninteresting for the WG or for
> >> the
> >> > industry at large. Also, please mark the title clearly (e.g. "DES40-
> >> export
> >> > in IPsec - NO!").
> >> > _______________________________________________
> >> > IPsec mailing list
> >> > IPsec@ietf.org
> >> > https://www.ietf.org/mailman/listinfo/ipsec
> >> >
> >>
> >>
> >>
> >> Scanned by Check Point Total Security Gateway.
> > _______________________________________________
> > IPsec mailing list
> > IPsec@ietf.org
> > https://www.ietf.org/mailman/listinfo/ipsec
> >
> 
> 
> 
> Scanned by Check Point Total Security Gateway.

v2.23.0 | Report a Bug | By Email