[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Architectural relationship between KMP and IPSP

To: "ipsec" <ipsec@ans.net>
Subject: Architectural relationship between KMP and IPSP
From: "Tim Dean" <DEAN@hydra.dra.hmg.gb>
Date: 12 Jul 94 10:26:00 WET


Has much thought been given to the architectural relationship between the IPSP
and key management protocol(s) (KMPs)?  If it has, then could someone summarize
the discussions for my benefit, or point me in the right direction. Many Thanks!
Alternatively, here is my two penny'worth on some of the issues:

Clearly, the IPSP/KMP relationship has some important consequences for the
development of an IPSP.  For example:

Option 1: If the KMP runs as an `application' over TCP, something special must 
happen when KMP packets hit the IPSP layer (it can't be treated like a normal
application because when the first packet comes down, IPSP would discover no
security association exists causing a recursive call back to the KMP: hence
deadlock).  Either:

        - KMP packets pass transparently through or bypass the security layer,
        and so KMP must provide all its own security services (peer entity
        authentication, replay detection etc)

	or:
        - the KMP could use a special pre-placed security association.  But this
        would mean that pairwise SAs would need to be put in place for all
        systems that may wish to communicate, which sounds unworkable.

Whichever of the above is chosen the effect on the IPSP is that it has to detect
KMP packets in some way and treat them differently from other applications.  How
would this be achieved?  Altenratively, (the most flexible solution?) IPSP could
offer some general method of signalling security services to and from
applications.

Option 2: The KMP doesn't run over the normal TCP stack, but sits `by the side' of 
IPSP inside the network layer.  This means that it must implement its own
retransmission and cope with duplicate messages.  This approach has the minimum
impact on IPSP, but means a new protocol number must be allocated to the KMP on
the `black' network.

Option 3: The KMP sits above IPSP, but not running over the normal TCP stack.  In 
this case IPSP could spot the KMP protocol number and do something special with it
such as passing it straight through unchanged.


If these issues have not been fully aired before, is there scope at the
forthcoming meeting to discuss some of them? Which session do they fall into -
KM or IPSP?


Tim Dean

                                                  Rm L110, DRA-Malvern
Open Distributed Systems                          St Andrew's Road
Software Engineering and CIS Technology Dept      Malvern
Defence Research Agency                           Worcestershire
                                                  Tel: +44-684-894239
                                                  Fax: +44-684-896113
                                                  E-mail: Dean@hydra.dra.hmg.gb

Follow-Ups:

Re: Architectural relationship between KMP and IPSP

From: Phil Karn <karn@qualcomm.com>

Prev by Date: IPSEC Meeting Date Change
Next by Date: Re: Architectural relationship between KMP and IPSP
Prev by thread: IPSEC Meeting Date Change
Next by thread: Re: Architectural relationship between KMP and IPSP
Index(es):
- Main
- Thread