
Re: [IPSECKEY] Security Considerations



On Tue, May 20, 2003 at 05:51:22PM -0400, Michael Richardson wrote:
>     >> If the attacker was not able to subsequently mount a second man-in-
>     >> the-middle attack on the IKE negotiation, then this would result in a
>     >> denial of service, as the authentication used by IKE would fail.
>     >> 
>     >> If the attacker was also in a position to perform a man-in-the-middle
>     >> attack on IKE and IPsec negotiations as well, then it would be a
>     >> position to compromise the resulting IPsec channel.  Note that an
>     >> attacker must be able to perform active DNS attacks on both sides of
>     >> the IKE negotiation in order for this to succeed.
> 
>     Jean-Jacques> I see your point, but is it expected that IKE initiator and responder
>     Jean-Jacques> will both use IPSECKEY RR? I think asymmetric scenarios may happen
>     Jean-Jacques> (initiator using IPSECKEY and responder another scheme).
> 
>   That's true. I have certainly done this in the past!
>   Both ends *do* need to have their public keys spoofed to get in the middle.
>   

Sorry, I don't know if I was clear about why I was talking about that.
In the (latest) SC sentence:
> Note that an attacker must
> be able to perform active DNS attacks on both sides of the IKE
> negotiation in order for this to succeed.

I think we should only state:
> Note that an attacker must
> be able to perform active attacks on both sides of the IKE
> negotiation in order for this to succeed.

An active DNS attack against at least one side is what this
security consideration deals with. The active attack on the other side
depends on the other channel chosen to get the public key. This may
also be DNS (in which case the other active attack is also against DNS),
or PKI, a relation to a crypto-based address, keys shared on a mounted
filesystem, pieces of paper with hand-written keys, etc.
Note also that in the present case, the attacker is in a position to
modify phase 1 payloads to force the choice of identities, kind of
authentication, etc. All of this may affect the choice of channels
used to get the public keys.

Please, if I'm wrong, could someone explain why active DNS attacks MUST
be performed against BOTH sides in this case.

--
Jean-Jacques Puig
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.
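The asymmetric case argued in the message above, as an added worked example that is not part of the thread, the IPSECKEY draft, or any implementation: a toy model of a signed Diffie-Hellman exchange in which the initiator learns the responder's public key from DNS (the IPSECKEY RR) while the responder learns the initiator's key from an out-of-band key file. An on-path attacker substitutes its own DH values and signatures, and may additionally spoof either key-lookup channel. The names (`initiator.example.`, `responder.example.`), the Lamport one-time signature scheme, the 127-bit DH group and the two channels are all assumptions constructed for the example; none of them is production cryptography or an IKE message format.

```python
"""Toy model of the IPSECKEY threat: who must be spoofed for a full MITM?

Each peer fetches the OTHER peer's public key from a channel (DNS for the
initiator, a local key file for the responder), then runs a signed
Diffie-Hellman exchange. An attacker on the wire can spoof either channel;
the outcome shows which combination yields a man-in-the-middle. All keys,
names and records are constructed for this example; the Lamport signature
and the small DH group are toys, not real-world cryptography.
"""
import hashlib
import os
import secrets

P = 2**127 - 1   # toy DH modulus (Mersenne prime); far too small for real use
G = 3


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time signature keypair: 256 preimage pairs / their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    d = h(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    return all(h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))


def encode(ident: str, dh_value: int) -> bytes:
    """Bytes that get signed: identity plus the DH public value."""
    return ident.encode() + b"|" + dh_value.to_bytes(16, "big")


def simulate(attacker_on_wire: bool, spoof_dns: bool, spoof_keyfile: bool) -> str:
    """Run one exchange; return 'secure', 'denial_of_service' or 'mitm'."""
    sk_i, pk_i = keygen()          # initiator
    sk_r, pk_r = keygen()          # responder
    sk_m, pk_m = keygen()          # attacker's own keypair

    # Initiator's channel for the responder's key: DNS (IPSECKEY RR, constructed).
    dns = {"responder.example.": pk_r}
    # Responder's channel for the initiator's key: a local key file (constructed).
    keyfile = {"initiator.example.": pk_i}
    if spoof_dns:                  # active attack on the initiator's channel
        dns["responder.example."] = pk_m
    if spoof_keyfile:              # active attack on the responder's channel
        keyfile["initiator.example."] = pk_m

    x, y = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    m1, m2 = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    gx, gy = pow(G, x, P), pow(G, y, P)
    gm1, gm2 = pow(G, m1, P), pow(G, m2, P)

    # Message 1, initiator -> responder: signed g^x (attacker swaps in g^m1).
    if attacker_on_wire:
        val, sig = gm1, sign(sk_m, encode("initiator.example.", gm1))
    else:
        val, sig = gx, sign(sk_i, encode("initiator.example.", gx))
    if not verify(keyfile["initiator.example."], encode("initiator.example.", val), sig):
        return "denial_of_service"          # responder rejects message 1
    key_r = pow(val, y, P)                   # responder's session key

    # Message 2, responder -> initiator: signed g^y (attacker swaps in g^m2).
    if attacker_on_wire:
        val, sig = gm2, sign(sk_m, encode("responder.example.", gm2))
    else:
        val, sig = gy, sign(sk_r, encode("responder.example.", gy))
    if not verify(dns["responder.example."], encode("responder.example.", val), sig):
        return "denial_of_service"          # initiator rejects message 2
    key_i = pow(val, x, P)                   # initiator's session key

    # Both sides authenticated; does the attacker share a key with each of them?
    if pow(gx, m2, P) == key_i and pow(gy, m1, P) == key_r:
        return "mitm"
    assert key_i == key_r
    return "secure"


if __name__ == "__main__":
    for args in [(False, False, False), (False, True, False),
                 (True, True, False), (True, False, True), (True, True, True)]:
        print(args, "->", simulate(*args))
```

Spoofing the initiator's DNS lookup alone, or the responder's key file alone, only produces a denial of service: the unspoofed side still verifies against the genuine key and rejects the attacker's forged message. Only when both lookup channels are subverted does the attacker end up sharing a session key with each peer, and the second channel is a key file here, not DNS, which is exactly the asymmetric case the message argues the wording should cover.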