RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt

Markku Savela <msa@anise.tte.vtt.fi> Mon, 11 October 1999 13:00 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id GAA00284; Mon, 11 Oct 1999 06:00:38 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id HAA12177 Mon, 11 Oct 1999 07:39:27 -0400 (EDT)
Date: Mon, 11 Oct 1999 14:41:35 +0300
From: Markku Savela <msa@anise.tte.vtt.fi>
Message-Id: <199910111141.OAA00910@anise.tte.vtt.fi>
To: ipsec@lists.tislabs.com
In-reply-to: <01BF13D5.F25DF970.lisa@baltimore.ie> (message from Lisa Wilkinson on Mon, 11 Oct 1999 10:00:53 +0100)
Subject: RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt
Reply-to: msa@hemuli.tte.vtt.fi
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

> From:	Waters, Stephen [SMTP:Stephen.Waters@cabletron.com]
>
> One of the suggestions that came out (that I was fond of :) ), was you
> provide clients with just their own private key, and the public key of the
> server.  The server has its own public/private key, and access to a secure
> database containing the clients private keys.

As I'm trying to specify a suitable test environment for demonstrating
IPSEC (more than just PING over fixed end points), the above appears
to be fairly close what I have in mind.

But, as I'm still a bit out of my area when public keys and ISAKMP is
involved, there may be some catches that I am not aware of. And to
verify, if I understood all correctly, I present my ideas and
understanding the above here:

 - we have a server host with known fixed IP address (for example,
   SMTP + POP + IMAP, perhaps IRC, WWW or whatever),

 - we want to allow client IPSEC device to connect this server from
   random IP address (e.g. client calls any suitable ISP and uses
   whatever dynamic address it gets)

 - only known users must be able to connect (eg. only company
   employees, or people who have paid for the service)

Would this be achieved with the following setup

 - the organizaion runs own server specific CA setup

 - the server ISAKMP only accepts clients that have their keys signed
   by the server CA directly (e.g. server ISAKMP is configured only to
   accept single CA = self)

 - the access to server is given to client by having their public key
   certified by the servers key (including policy changes for IPSEC on
   the client). That is, client is given 3 pieces of information:
   IPSEC policy changes, servers public key and clients
   server-certified public key.

Is there ISAKMP negotiation mode that can establish a connection from
client to server based on above information? As far as I can see, the
clients IP address should not be needed (the server policy requires
IPSEC for ALL connections by default, except of course having port 500
clear!)

It would seem that certificate revocation would be fairly easy to
manage as the control is all within organization. Revoked certificate
list could be on the server and directly available to the
ISAKMP. Thus, if a client is careless with the private key,
certificates based on it can be quickly revoked.

-- 
Markku Savela (msa@hemuli.tte.vtt.fi) Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/

I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-03.txt Internet-Drafts
RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-0… Waters, Stephen
RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-0… Lisa Wilkinson
RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-0… Markku Savela
RE: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-0… Pyda Srisuresh