
Comments on draft-bradner-pbk-frame-04.txt



   There is an "initial leap of faith" about the pseudonymous identity
   since it has no parties, other than the issuer, vouching for it, and
   though only the issuer holds the private key, a man-in-the-middle
   attacker may appear to hold and use the identity without good care
   being taken in a protocol design that makes use of PBK. Therefore,
   the designer of such a protocol should be aware of this risk and
   include a challenge-response confirmation step.  The challenge-
   response step should have the property of needing the private key for
   decryption and include a nonce.

The "good care" part could easily be misconstrued that a good use of PBK
could prevent MiTM. Does it make sense to add some more detail here
saying that careful use of PBK requires trying to minimize the set
of nodes who can succeed as MiTM?
(I think attackers that can see the packets between the communicating
peers can be a MiTM no matter what care is taken - this is a result
of the leap of faith.)

Perhaps the believed residual threats ("believed" because this is not
a complete protocol proposal that can be carefully analyzed) should be stated
in the security considerations - the believed ability to limit MiTM to
nodes that can see the nonces being exchanged.

  Erik
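
The challenge-response step in the quoted draft text, as an added sketch that is not part of the original message or the draft: a verifier pins the identity seen at first contact, then encrypts a fresh nonce that only the private-key holder can decrypt. The toy textbook RSA, the SHA-256 form of the PBK, and all class and function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Toy textbook RSA over known Mersenne primes: illustration only, not secure.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def pbk(pub):
    # Assumed PBK form for this sketch: SHA-256 over the public key.
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()

class Peer:
    def __init__(self, pub, priv):
        self.pub, self.priv = pub, priv

    def respond(self, ciphertext):
        n, d = self.priv
        return pow(ciphertext, d, n)  # needs the private exponent

class Verifier:
    def __init__(self):
        self.pinned = None

    def first_contact(self, pub):
        self.pinned = pbk(pub)  # leap of faith: nobody vouches for this key

    def confirm(self, pub, peer):
        if pbk(pub) != self.pinned:
            return False  # not the identity seen at first contact
        n, e = pub
        nonce = secrets.randbelow(n - 2) + 2  # fresh per challenge
        return peer.respond(pow(nonce, e, n)) == nonce

def run_scenarios():
    a_pub, a_priv = make_key(2**61 - 1, 2**89 - 1)
    o_pub, o_priv = make_key(2**107 - 1, 2**127 - 1)
    issuer, other = Peer(a_pub, a_priv), Peer(o_pub, o_priv)
    v = Verifier()
    v.first_contact(a_pub)
    late = Verifier()
    late.first_contact(o_pub)  # first contact already carried another key
    return {
        "issuer": v.confirm(a_pub, issuer),
        "claims_key_without_private_half": v.confirm(a_pub, Peer(a_pub, o_priv)),
        "key_changed_after_first_contact": v.confirm(o_pub, other),
        "other_key_pinned_at_first_contact": late.confirm(o_pub, other),
    }

if __name__ == "__main__":
    print(run_scenarios())
```

The last scenario passes because the check only proves possession of whichever key was pinned at first contact, which is the residual threat the message asks to have stated in the security considerations.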