Re: Insecure IKE Implementations Clarification

[Florian Weimer <fw@deneb.enyo.de>]

Thor Lancelot Simon wrote:

> For what it's worth, the possibility of this general type of attack was
> repeatedly discussed in the IPsec working group and is a major reason
> why XAUTH was abandoned.  The particular password-stealing attack that I 
> describe as been widely discussed among IKE implementors for at least two
> years; other implementors probably independently noticed it at least as
> early as I did, which was three years ago.

And we have technology deployed that solves exactly the same problem in
a reasonable way: SSH.

> What's pretty disturbing is that there is wide understanding of this
> issue among actual protocol implementors, but that Cisco field personnel
> continue to quite plainly tell customers that it does not exist at all,
> even when the risk to those customers is huge.

I have to admit that we were blinded as well.  I didn't look too closely
at XAUTH at that time because it was proprietary software and no
GNU/Linux client was in sight.  We should have forced Cisco to implement
hybrid mode over two years ago, but failed to do so.  I'm sorry about
that mess.