
Re: Clogging attacks on SKIP




Ashar Aziz says:

> >> First, let me mention that the pair keys Kij always (conceptually)
> >> exist, and can be precomputed *prior* to any communication attempt.
> >>
> >I think this is not reasonable for many applications. In particular, it
> >is not reasonable for the `firewall' application where a firewall of an
> >organization is the endpoint of (some) tunnels leading to the organization,
> >a scenario which the group has decided we must support (see Paul's note).
> >The number of potential Kij's is simply too large (practically unbounded).
>
> We have to be clear what firewall scenario we are talking about.
>
> If we are talking about firewall-to-firewall

No.

> Second, the end-node to firewall, a scenario used to access organizations
> from either home or some public network

This is the scenario I talk about. The end-node does not even have to be
of an employee, though. It could be a customer, or employee of a trading
partner, etc...

> is limited to the number of
> machines coming in over the public networks using that one particular
> access point.

No - it is limited to the number of machines which _may_ use this access
point. This number can be prohibitively large. Furthermore, it is
impractical to require that all these machines are predefined to the
firewall, due to administrative reasons (when a new employee joins in we
can't update all firewalls of the company, much less of all partners).

> So, I disagree with your contention that the Kijs become unbounded
> for the firewall scenario.
>
I don't see your justification. Please address the context I've
elaborated on above.

> An ACL always exists, whether it is wildcarded or expressed in
> "not allowed" terms. What I was trying to say is that if everyone
> is allowed, there is no point to authenticate the access.

I agree with this. But what you said implied that the existence of an ACL
limits the number of potential keys that should be pre-stored. Clearly this
argument does not hold for wildcard ACLs. That was my argument.

> I must also disagree with your contention. This is *not* the same
> as the initial communication to compute session or master keys using
> traditional techniques, because precomputing SKIP master keys doesn't even
> require the machines for which master keys are being computed to be connected
> to the network or to be online. All that is required are the remote
> certificates, which may be obtained from a local cache, a local directory
> server etc.

You are right - this is different. Therefore, this is an advantage of
having SKIPish master keys. However it still applies only to known
partners.

Best, Amir

