Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
Yaron Sheffer <yaronf@checkpoint.com> Fri, 05 March 2010 06:28 UTC
Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 236873A8EDE; Thu, 4 Mar 2010 22:28:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.088
X-Spam-Level:
X-Spam-Status: No, score=-3.088 tagged_above=-999 required=5 tests=[AWL=-0.240, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, SARE_OBFU_ALL=0.751]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dxwHkNjnXzY7; Thu, 4 Mar 2010 22:27:58 -0800 (PST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id B0B773A8ED9; Thu, 4 Mar 2010 22:27:42 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id o256Rcsd024136; Fri, 5 Mar 2010 08:27:38 +0200 (IST)
X-CheckPoint: {4B90A306-1-1B201DC2-2FFFF}
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Fri, 5 Mar 2010 08:27:57 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "uri@ll.mit.edu" <uri@ll.mit.edu>
Date: Fri, 05 Mar 2010 08:27:36 +0200
Thread-Topic: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
Thread-Index: Acq799nyB6tDKbUBQ6KNUclA+FHs/QANAOjA
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BE05CB5981@il-ex01.ad.checkpoint.com>
References: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BE05CB5975@il-ex01.ad.checkpoint.com> <E1NnL47-0006J8-Vx@wintermute02.cs.auckland.ac.nz>
In-Reply-To: <E1NnL47-0006J8-Vx@wintermute02.cs.auckland.ac.nz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Mar 2010 06:28:02 -0000
Hi Peter, I completely agree with the rest of the argument. But I don't know of a realistic way to do it with TLS-PSK (people will *always* use short passwords, it's not like it's the exception to the rule). TLS-SRP is one possible solution. Or, as Yoav suggests, TLS-EAP with several alternatives, including EAP-PWD and EAP-EKE. In some interesting cases, EAP-AKA might also be appropriate. Unfortunately the IAB thinks that TLS-EAP is Bad Bad Bad (http://tools.ietf.org/html/draft-iab-auth-mech-07#section-10.2.4). So it's back to PKI. Sigh. Thanks, Yaron > -----Original Message----- > From: pgut001 [mailto:pgut001@wintermute02.cs.auckland.ac.nz] On Behalf > Of Peter Gutmann > Sent: Friday, March 05, 2010 2:07 > To: pgut001@cs.auckland.ac.nz; uri@ll.mit.edu; Yaron Sheffer > Cc: cfrg@irtf.org; ipsec@ietf.org > Subject: RE: [IPsec] [Cfrg] Beginning discussion on secure password- > only authentication for IKEv2 > > Yaron Sheffer <yaronf@checkpoint.com> writes: > > >Can someone please explain the joke to me? Nelson was asked about TLS- > PSK > >(RFC 4279) and he replied that it can easily be abused. TLS-PSK > (similarly to > >IKE- PSK) is vulnerable to dictionary attacks if used with a short > secret > >(a.k.a. "password"), at least in the presence of an active attacker. > So I > >think his response was entirely appropriate. What am I missing? > > Thinking through the rest of the argument, which is: > > - We currently have a (supposedly) multi-billion dollar global industry > built > around the total failure of the existing browser authentication > model. > > - Mutual authentication, in which the server has to prove knowledge of > the > user's credentials before the user can connect, would cause a serious > headache for phishers. > > - The FF developers have chosen not to implement this because, in the > special- > case situation where it's done really badly, it could theoretically > be > abused (note the special-case qualification of "if used with a short > secret", for which the answer is "well don't do that, then"). > > This is balanced against the currently-used model which pretty much > doesn't > work at all right out of the box, no matter what you do with it. > > - Phishers the world over breathe a sigh of relief, and business > continues as > usual. > > Peter. > > Scanned by Check Point Total Security Gateway.
- [IPsec] Beginning discussion on secure password-o… Paul Hoffman
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Hannes Tschofenig
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Paul Hoffman
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Steven M. Bellovin
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Yaron Sheffer
- Re: [IPsec] Beginning discussion on secure passwo… Dan Harkins
- Re: [IPsec] Beginning discussion on secure passwo… Yaron Sheffer
- Re: [IPsec] Beginning discussion on secure passwo… Paul Hoffman
- Re: [IPsec] Beginning discussion on secure passwo… Dan Harkins
- Re: [IPsec] Beginning discussion on secure passwo… Dan Harkins
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Blumenthal, Uri - 0662 - MITLL
- Re: [IPsec] Beginning discussion on secure passwo… Black_David
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Steven M. Bellovin
- Re: [IPsec] Beginning discussion on secure passwo… Dan Harkins
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Steven M. Bellovin
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Black_David
- Re: [IPsec] Beginning discussion on secure passwo… Yaron Sheffer
- Re: [IPsec] Beginning discussion on secure passwo… Yoav Nir
- Re: [IPsec] Beginning discussion on secure passwo… Tero Kivinen
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Blumenthal, Uri - 0662 - MITLL
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Blumenthal, Uri - 0662 - MITLL
- Re: [IPsec] [Cfrg] Beginning discussion on secure… thomwu
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Steven M. Bellovin
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Blumenthal, Uri - 0662 - MITLL
- [IPsec] [Fwd: Re: Beginning discussion on secure … Dan Harkins
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Dan Harkins
- [IPsec] [Fwd: Re: Beginning discussion on secure … Dan Harkins
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Black_David
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Blumenthal, Uri - 0662 - MITLL
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Yaron Sheffer
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Yoav Nir
- Re: [IPsec] [Cfrg] Beginning discussion on secure… Yaron Sheffer