[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: out-of-band key management is like virtual circuits



Please reply on the IPSEC list, as those IPv6 members involved in
security are already on that list.  We have separate lists for separate
IPng features, such as addrconf.

> From: Danny.Nessett@eng.sun.com (Dan Nessett)
> I think it might be useful to approach the in-band/out-of-band key management
> issue from another perspective. Out-of-band management assumes either that
> a synchronized security assocation already exists between the source and
> destination hosts or that when an IP packet is processed, the key management
> software is called to establish this context.

I've already noted (previous messages to the IPSEC list) that the term
"in-band" is inappropriate.  All proposed messages are using IP, not
some other signalling channel.

(It appears that we have an influx of CCITT telco folks, or maybe that's
what they are teaching in grad schools nowadays.)


> Those familiar with X.25 will
> recognize this as a virtual circuit model of operation. In fact I think it
> is a fair characterization that out-of-band key management imposes a
> "security virtual circuit" model on IP security (both IPv4 and IPv6).
>
I'm familiar with X.25, and I see no resemblence.

TCP provides an end-to-end connection.  I know of nobody who would
characterize it as being at all like X.25 or virtual-circuit.

The proposed Photuris IP Security only uses UDP datagrams, not even TCP,
in order to create less state.

The only proposal which suggests a reliable virtual signalling channel
embedded in and on every datagram is, well, the one from Sun, which we
have rejected.


> In-band key management, on the other hand, is philosophically similar to
> dynamic connection management, which is the technique employed by TCP.
> When a connection is required, information is included within the TCP
> header (e.g., syn flag, isn) to allow the construction of a connection
> record at the destination. Similarly, the destination returns information
> (syn ack, its isn), to allow the source to complete the construction of
> its connection record.
>
Yes, this is the model used by Photuris.  It should be no surprise that
the exchange bears a strong resemblence to a TCP handshake, as Phil Karn
has been a long-time TCP implementor.


> An important point that some may have overlooked is that the current draft of
> the IPv6 security Architecture I-D (I couldn't find an security architecture I-D
> for IPv4) encourages the use of user-to-user keying (by specifying that
> implementations MUST support user-to-user keying, but only MAY provide
> for host-to-host keying), rather than host-to-host keying. The implication
> is that everytime a new *user* communicates to a specific machine, the
> key management software will be required to establish a new security
> association.

Indeed, this is a very important feature!  For the reasons which have
been stated to this list on several occasions.  I refer you to the
archives.


> If out-of-band keying is used, this is going to mean, on
> average, very poor performance, since the key management protocol must
> use a separate communications stream to establish the keys for use before
> communications on the stream originating the key management activity
> can proceed.
>
Since we do not have "streams", this makes no sense.  Of course user UDP
datagrams do not "flow" during IP Security datagrams, as datagrams use
bandwidth.  This will make no difference to the user, which does not see
datagrams.

Do you have a technique which involves no bandwidth or computation?

Bill.Simpson@um.cc.umich.edu


Follow-Ups: