[Openswan Users] X.509 key usage

Andreas Steffen andreas.steffen at strongsec.net
Mon Jul 19 17:45:40 CEST 2004 

What if *swan is the client and Windows the LT2P server?

IPsec is a peer-to-peer protocol and doesn't differentiate between
client and server side. Therefore it would be difficult to enforce
authentication client and/or server EKUs. Pluto would have to take
into account the [left|right]protoport settings and do some risky
guesswork. As far as I know Windows uses a machine certificate for
IPsec authentication and an optional user certificate for the L2TP/PPP
login on top of IPsec. Am I right in the assumption that the client EKU
is used in the user certificates only but not in IPsec machine
certificates?

Regards

Andreas

Jacco de Leeuw wrote:
> Andreas Steffen wrote:
> 
>> 4.1.3.13. ExtendedKeyUsage
>>
>>     No ExtendedKeyUsage usages are defined specifically for IPsec, so if
>>     this extension is present and marked critical, use of this
>>     certificate for IPsec MUST be treated as an error unless the
>>     extension contains the anyExtendedKeyUsage keyPurposeID, which
>>     asserts that the certificate can be used for any purpose.
>>     Implementations MAY ignore this extension if it is marked non-
>>     critical. Implementations MUST NOT generate this extension in
>>     certificates which are being used for IPsec.
> 
> 
> The L2TP/IPsec client included with Windows 2000/XP uses ExtendedKeyUsage
> for distinguishing between certificates issued to client and servers,
> respectively. The "Client Authentication" EKU has a value of 
> 1.3.6.1.5.5.7.3.2
> for instance. If a client certificate does not contain this EKU, an 
> attacker
> could use this client certificate to pose as a 'server' to other clients.
> 
>> Gregor, in your opinion, what would be the gain in terms of
>> increased security by heeding the keyUsage flags? Which would be the
>> most important checks you'd like to see implemented in *swan?
> 
> 
> Perhaps certificates presented in L2TP/IPsec connections could be checked
> for the "Client Authentication" EKU, but it's probably not that important.
> If ever a stolen server certificate is presented as a client certificate
> you have bigger problems :-)
> 
> Jacco

=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

More information about the Users mailing list