IETF Logo Mail Archive

Re: SOI: preshared

Michael Thomas <mat@cisco.com> Mon, 19 November 2001 20:22 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAJKMt820482; Mon, 19 Nov 2001 12:22:55 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id OAA10210 Mon, 19 Nov 2001 14:37:41 -0500 (EST)
From: Michael Thomas <mat@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <15353.24948.198728.631259@thomasm-u1.cisco.com>
Date: Mon, 19 Nov 2001 11:45:56 -0800
To: Henry Spencer <henry@spsystems.net>
Cc: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: SOI: preshared
In-Reply-To: <Pine.BSI.3.91.1011119130123.6158E-100000@spsystems.net>
References: <15353.11388.281025.686412@thomasm-u1.cisco.com> <Pine.BSI.3.91.1011119130123.6158E-100000@spsystems.net>
X-Mailer: VM 6.72 under 21.1 (patch 6) "Big Bend" XEmacs Lucid
X-Face: &, heK/V66p?[2!i|tVn, 9lN0TUvEv7:9FzXREj/AuzN4m<D]vnFJ>u!4x[/Z4t{V}~L]+Sk @RFNnJEg~WZ/(8<`5a), -7ukALWa^&?&D2R0CSG3kO5~#6JxLF\d, g">$%B!0w{W)qIhmwhye104zd bUcI'1!
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

The consequence of using naked public keys in lieu
of symmetric keys is that you incur the cost of
both a DH and a RSA operation. You could
conceivably get rid of the DH if you don't care
about identity, but for preshared keys it seems
questionable why you'd want to do _either_.

		 Mike

Henry Spencer writes:
 > On Mon, 19 Nov 2001, Michael Thomas wrote:
 > > 1) Should we deem peer-peer preshared keying bogus?
 > 
 > I think the crucial requirement here is for some *simple* method of
 > authentication, which can work effectively without outside assistance or
 > elaborate supporting infrastructure, as a fallback measure for use in
 > simple or constrained situations and in troubleshooting.  As a historical
 > analogy, consider hosts.txt (aka /etc/hosts) vs. DNS. 
 > 
 > The simple mechanism doesn't have to scale, and it doesn't have to be
 > particularly convenient to administer, but it should be there.
 > 
 > There is no strong reason why the simple mechanism can't be public-key
 > signatures rather than shared secrets.  Public keys are immensely superior
 > to shared secrets in most ways, and as we've demonstrated with FreeS/WAN,
 > they don't have to be much more complicated to use.  (There's a widespread
 > myth that you can't do public keys without certificates; not so.)
 > 
 > Anything involving a PKI definitely does not qualify.
 > 
 > > 2) If not, should SOI inherently be a dual (triple...)
 > >    authentication mechanism protocol?
 > > 3) If so, how do we bound the authentication
 > >    mechanisms to keep IKE manageable?
 > 
 > There needs to be an easy-to-administer highly-scalable mechanism for
 > large-scale use, and a dead-simple zero-infrastructure mechanism for
 > experimenting, constrained situations, and troubleshooting.  If those
 > mechanisms can't be the same at the keying-protocol level -- we think they
 > can, by the way -- then that's two.  There is no requirement for more. 
 > 
 >                                                           Henry Spencer
 >                                                        henry@spsystems.net
 >

v2.37.1 | Report a Bug | By Email | System Status