Re[2]: IKMP Security Exchange Negotiation

[Paul_Lambert-P15452@email.mot.com]

---------------------------------- Forwarded ----------------------------------
From: Lambert Paul P15452 at AZ-SECTEL
Date: 12/16/94 6:16PM
To: ipsec@ans.net at #EMAIL
cc: Lambert Paul P15452
Subject: Re[2]: IKMP Security Exchange Negotiation
-------------------------------------------------------------------------------

Excuse the double posting if this has already hit the list.

p.l.
_______________________________________________________________________________
Subject: Re: IKMP Security Exchange Negotiation
Author:  Lambert Paul P15452
Date:    12/14/94  2:48 PM



Here are a few ramblings about negotiation of different IKMP key establishment 
approaches.

Paul

-------------------

>ashar<
>Like you said, it isn't free. If you dont want it, dont need it,
>you shouldn't have to pay for it.


>     Paul,
>
>     I pretty much agree with this....how do we get an IMKP protocol that
>     will let us do both?
>
>     Jim Zmuda

Jim,

Use of a SAMP-like Security Exchange option negotiation might work.
for example if we have Security Exchange Identifiers: A, B, C
each with defined exchanges:

A1, A2, A3, A4, A5, A6

B1, B2, B3, B4

C1, C2, C3, C4

The sequence of events (e.g. A1 to An) could correspond to a D-H exchange, a 
Photuris exchange (with cookies), or any other key establishment exchange.

As an example you could send PDUs like:
Note the arrows (  ->  and <-  indicate the flow of duplex traffic)


Example 1 - Initiator declares that it can use A, B, or C security exchanges.  
Responder picks B.  Exchange continues.

->  (A,),(B,),(C,)
<-  (B,)
->  (B,B1)
<-  (B,B2)
->  (B,B3)
... etc.



or 

Example 2 - Initiator declares A, or B and includes the first exchange info for 
both A and B.  The responder replies with B and the second exchange step of B.  
Note that this saves two steps over example 1.


->  (A,A1),(B,B1)
<-  (B,B2)

... etc.


Example 3 - Initiator declares support for A, B, or C and includes the first 
exchange for A.  Note that ordering could indicate initiator preference in the 
negotiation.  This examples shows how the protocol can be optimized for a 
prefered approach, A, but still allow negotiation to another technique.

->  (A,A1),(B,),(C,)
<-  (A,A2)
->  (A,A3)
->  (A,A4)
... etc.


This negotiation approach would work quite well to support the various security 
requirements that the working group is pursuing.  As another example, assume we 
have two Diffie-Hellman based exchanges:

DH - a basic Diffie-Hellman approach
KC - a Diffie-Hellman exchange with two extra exchanges to support cookie 
     PDUs to reduce the impact of flooding attacks (Karn-Cookies).



Example 4 - most systems might not want to use the extra PDUs to limit the 
flooding attacks.  Most of the time the two extra cookie PDUs are not needed.
->  (DH,DH1),(KC,)
<-  (DH,DH2)
... etc.

Example 5 - The cookies are needed when a recipient feels threatened (purhaps 
it just recieved a bogus DH initiation).  It is then very important to allow 
the recipient to request a cookie using a stateless response:
->  (DH,DH1),(KC,)
<-  (KC,)
->  (KC,KC1)
<-  (KC,KC2)
... etc.

Example 6 - Example 6 adds two PDUs beyond the cookie exchange.  This could be 
reduced if initiators always sent a cookie along with the more common DH (my 
assumption) exchange:
->  (DH,DH1),(KC,KC1)
<-  (KC,KC2)
... etc.


Example 6 may not be worth the extra exchange bits if example 5 is an uncommon 
scenario.

---

• Prev by Date: Test Message
• Next by Date: Re: Clogging attacks on SKIP
• Prev by thread: Test Message
• Next by thread: Re[4]: IKMP Security Exchange Negotiation
• Index(es):
  • Main
  • Thread