"ISAKMP" flaws?

Paul Hoffman paul.hoffman at vpnc.org
Wed Nov 30 12:14:23 EST 2005 

At 11:15 PM +1300 11/20/05, Peter Gutmann wrote:
>Unless you're the one paying someone $200/hour for it.

Exactly. It prevents organizations who want security but cannot 
afford someone who understands it well from using IPsec. Optimally, 
someone should be able to say little more than "I want to do strong 
crypto and make a network with that guy over there; he will trust 
this ID and I will trust that ID; do it". That is not possible now. 
It is arguable that it isn't doable with SSL/TLS, either, but it's a 
heck of a lot closer there than in IPsec.

>Somehow I suspect that this (making it so unworkable that you have to hand-
>carry configuration data from A to B) wasn't the intention of the IKE
>designers :-).

Correct. When the IETF was designing IKEv2 after seeing what 
real-world deployments of IKEv1 were causing, it was pointed out that 
this is not a "negotiation" but really "the responder always picks". 
Therefore, there was a suggestion that instead of having all this 
pre-arranged setup, we do "ask the responder what he wants", which is 
much simpler. We rejected that idea early on for (IMHO) bad reasons.

On the other hand, no other widely-deployed security protocol seems 
to have made this leap of understanding either.

>   It's not just the keying data though, it's all configuration
>information.

Exactly. You can always tell a user "pick crypto suite A" and they 
can figure it out. Imagine telling them "figure out the network 
topology you want the other side to see, then figure out the network 
topology you expect to see, then write them down exactly".

>One networking guy spent some time over dinner recently
>describing how, when he has to set up an IPsec tunnel where the endpoints
>aren't using completely identical hardware, he uses a hacked version of
>OpenSWAN with extra diagnostics enabled to see what side A is sending in the
>IKE handshake, then configures side B to match what A wants.

It is easier than that: just use Ethereal. It decodes the first four 
packets just fine.

>Once that's
>done, he calls A and has a password/key read out over the phone to set up for
>B.

How does he fit his sneakers over the phone? :-)

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list