Bugtraq mailing list archives
Re: Insecure IKE Implementations Clarification
From: itojun () itojun org (Jun-ichiro itojun Hagino)
Date: Sun, 14 Dec 2003 07:00:00 +0900 (JST)
> On Fri, Dec 12, 2003 at 11:00:31PM +0100, Florian Weimer wrote:
> > Thor Lancelot Simon wrote:
> > > For what it's worth, the possibility of this general type of attack was repeatedly discussed in the IPsec working group and is a major reason why XAUTH was abandoned. The particular password-stealing attack that I describe has been widely discussed among IKE implementors for at least two years; other implementors probably independently noticed it at least as early as I did, which was three years ago.
> >
> > And we have technology deployed that solves exactly the same problem in a reasonable way: SSH.
>
> Yes and no. SSH is not, by itself, a network-layer encryption solution, and there are many applications where that's really desirable. The other issue is, of course, that SSH's model for authenticating host identities is, itself, a mess: in this day and age, it is not acceptable to just punt on the problem of first contact and pretend that users will reasonably exchange key fingerprints offline. The widespread success of sniffing and MITM attacks on the SSH protocol -- all due to users not doing what the protocol, by omitting any means of using a hierarchy or web to validate host keys, requires them to do -- should be proof enough of this.

there are efforts; draft-ietf-secsh-dns-05.txt.

itojun