SKIP Evaluation?

[Robert Moskowitz]

At 12:37 PM 1/27/2000 +0100, Vasek Petricek wrote:

>Has anyone seen or done some evaluation of the SKIP protocol?

We had quite a few of them for the Montreal IETF meeting  ;)

>It seems to differ from IPSec in that it encrypts a packet using a random
>key that is encrypted using a shared secret and sent together with tthe
>packet. Are there any security risks in doing so, or is the overhead
>considered to be too much?

Not quite.  SKIP is an alternative Key Management Protocol to IKE or
Photuris.  All three establish symetric keying material for IPsec's ESP or AH.

SKIP uses 2 Diffie-Hellman exchanges.  The first is based on 'well known'
keys.  Since there is a small chance that these keys would be cracked over
time, and if used heavily, they are only used to protect an exchange of a
pair of ephemeral D-Hs that actually supply the IPsec KEYMAT.

SKIP ain't so bad, if you have a single administrative domain (it lacks
many of the fine grain policy controls in IKE).  It was this one reason
that I argued against it for VPN usage at the Montreal IETF.  I pointed out
to Ashar that, ignoring the violent security debates about SKIP, this lack
would limit SKIP to homogeneous VPN deployments.  This has since been born
out by some early adopters that have used SunScreen and Checkpoint's SKIP
option.

Now it WOULD be very nice ot have more than one key exchange protocol for
IPsec, trageted at different community needs.  IKE is so complex becuase it
is anything to everyone.  Of course, this is part of the reason IKE 'won'.




>Thanks for any information and your opinions,
>
>Vaclav Petricek
>
>VPN is sponsored by SecurityFocus.COM

Robert Moskowitz
ICSA.net
	(248) 968-9809
Fax:	(248) 968-2824
rgm at icsa.net

There's no limit to what can be accomplished
if it doesn't matter who gets the credit

VPN is sponsored by SecurityFocus.COM