Hi, I'm very much concerned with the IKE-less option presented in the draft.
First, the Network Controller becomes a very attractive target for attacks in this case, since an attacker, if attack is successful, will gain all the keys for the whole system. Then, it is not clear for me how the keys are distributed in this case from the Network Controller to the End Entities. I presume that they are not sent in clear, so the End Entities must already have capabilities to run some security protocol (TLS, IPsec), and thus they must be already provisioned out of band with some security credentials (keys, certificates). So I don't understand what you gain in case you don't run IKEv2 on End Entities. In general, central distribution of session keys looks much less secure, than running IKEv2 on them. You loose PFS property, you loose the property that no one but the peers know the session keys etc. It is more fragile too. You must perform periodical rekey (update keys) and this must be done synchronously. All the rekey problems that were solved by IKE will arise again. Regards, Valery Smyslov. _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
