User-Level Authentication in IPsec - PowerPoint PPT Presentation

Slides: 5
Provided by: scott420
1
User-Level Authentication in IPsec
  • Scott Kelly
  • IPsec Remote Access Working Group
  • 47th IETF

2
Main Points
  • Modifying/extending IKE probably not prudent
  • Transition from legacy mechanisms to stronger
    ones is desirable and necessary
  • Even if PKIs were widely deployed, they likely
    would not be entirely sufficient (passwords still
    required)

3
The Mechanism
  • Establish IKE SA
      • server cert, no client auth
      • preshared key
      • server/client certs
  • Establish phase 2 SA which permits authentication
    exchange
  • If authentication succeeds, either
      • modify existing phase 2 attributes, or
      • drop SA(s) and negotiate new one(s)

4
Considerations
  • Underlying requirements must be clearly
    understood
  • Drawbacks
      • DoS susceptibility due to SA establishment prior
        to authentication if client not authenticated
        somehow
  • Strengths
      • can periodically renew authentication without
        additional DH exchanges
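
The gateway-side gating from "The Mechanism" and the two points under "Considerations", modelled as a small state machine. This is an added example, not code from the presentation: it models policy state only (no IKE messages), and `AUTH_SELECTOR`, `MAX_PENDING`, the password table and the drop-on-failure behaviour are assumptions.

```python
import hmac
from enum import Enum, auto

class State(Enum):
    IKE_SA = auto()         # IKE SA up, no phase 2 SA yet
    AUTH_ONLY = auto()      # phase 2 SA that permits only the authentication exchange
    AUTHENTICATED = auto()  # phase 2 attributes widened after user authentication

AUTH_SELECTOR = ("192.0.2.10", 8443)  # assumed address/port of the authentication service
MAX_PENDING = 2                       # assumed cap on peers holding SAs before user auth

class Gateway:
    def __init__(self, users):
        self.users = users            # constructed sample table: username -> password
        self.peers = {}               # peer id -> State

    def establish_ike_sa(self, peer):
        pending = sum(s is not State.AUTHENTICATED for s in self.peers.values())
        if pending >= MAX_PENDING:    # bound the state allocated to unauthenticated peers
            return False
        self.peers[peer] = State.IKE_SA
        return True

    def establish_auth_sa(self, peer):
        if self.peers.get(peer) is not State.IKE_SA:
            raise ValueError("no IKE SA for peer")
        self.peers[peer] = State.AUTH_ONLY

    def permits(self, peer, dst, port):
        state = self.peers.get(peer)
        if state is State.AUTHENTICATED:
            return True
        return state is State.AUTH_ONLY and (dst, port) == AUTH_SELECTOR

    def authenticate(self, peer, user, password):
        if self.peers.get(peer) is not State.AUTH_ONLY:
            return False
        expected = self.users.get(user)
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            self.peers[peer] = State.AUTHENTICATED  # option 1: modify phase 2 attributes
            return True
        del self.peers[peer]          # assumed failure handling: drop the peer's SAs
        return False

    def expire_auth(self, peer):
        # Renewal: narrow back to the auth-only SA; the IKE SA (and its DH) is reused.
        if self.peers.get(peer) is State.AUTHENTICATED:
            self.peers[peer] = State.AUTH_ONLY
```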