[anonsec] details of IKE/IPsec channel binding
mcr at sandelman.ottawa.on.ca
Thu Apr 5 06:33:00 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
Nicolas> That's because EAP, by its applicability, would be used in
Nicolas> IPsec VPN-type use cases, and so the end-points of the
Nicolas> channel would be the client and the SG, which have already
Nicolas> authenticated each other, so why authenticate again at the
Nicolas> application layer?
Because the application layer isn't aware of whether or not the "VPN"
is actually active or not. Take the case of a laptop doing an NFS mount
of a server (assume NFS server and VPN gateway are co-located, such as
happens with a small office server).
When at "home", there is no tunnel, so the application needs to
authenticate. When remote, it can exploit the IPsec tunnel that exists.
(Ironically, if you have any hardware offload on the gateway, it would
actually be better to use the IPsec all the time, since the hardware is
likely faster, and you can, when local, probably get more use of it...)
Nicolas> Well, the channel binding could be done inside EAP, and
Nicolas> this could be used to enroll client public keys (a useful
Nicolas> use case if you want to do two-factor authentication where
Nicolas> one factor is a BTNS key and it is enrolled by one-time
Nicolas> one-factor authentication).
But, it still doesn't tell the application that it can avoid a second
layer of encryption.
Nicolas> Look at RFC2743 or RFC2744 and look at the function
Nicolas> signatures for
Nicolas> In the GSS-API (and in SASL/GS2) channel bindings are as an
Nicolas> input to a black box at each peer -- both have to provide
Nicolas> the same channel binding octet strings, else -> failure[*].
Nicolas> The black box can (and does, e.g., in the case of the
Nicolas> Kerberos V GSS mech) cause hashes/MACs of the channel
Nicolas> bindings octet strings to be exchanged.
But are they compared with memcmp(), or with a function?
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the ANONSEC