
Re: (IPng) Re: out-of-band key management is like virtual circuits




> >I agree that key mgmt protocols should not be forced to use in-band techniques.
> >I think all of us (and there have been at least 5 messages from different
> >people on this list asking for in-band signalling) would like the *option*
> >of using in-band signalling. Then we can let the market decide which is
> >the best approach.
> 
> 100% support on this.  Let the option exist and let us who will build
> IPv6 security see if the market wants it.

Jim and Danny are absolutely right. Let's leave the option in.
Let's not close our options on in-band key-mgmt (or any kind
of key-mgmt for that matter) when the operational experience of 
Internet-wide key-mgmt is very limited at best.

Danny is absolutely correct about the IP-over-X.25 analogy. The
TCP-is-also-connection-oriented argument isn't an appropriate analogy because
TCP runs over IP, whereas IPSP is supposed to run underneath IP, at least in
what will be one of the prevalent modes (IP encapsulation in IPSP).

We have serious concerns about being limited to a cached-VC-like model
with IPSP/IPv6. We anticipate this approach to be problematic on secure 
servers with a large number of clients, and firewalls with a large number
of remote IP clients.

The cached-security-session approach is even more problematic than
your typical cached VC situation because of the problem of "half-open
connections".  This is when one side crashes and loses the shared session 
state. Normally, one can simply blow away half-open connections when 
the side that has crashed detects them. This is not so trivial for a 
security session because this has to be done securely, otherwise 
denial-of-service attacks would be trivial. (Not to say that this can't 
be solved, but this at least presents another complication).

With the approach that we have proposed, there are no half-open
connections because there are no connections to begin with. Leaving
in the option to do in-band key-mgmt lets people experiment with
the connection-less approach.

Finally, as they say, the proof is in the pudding. Let's build
and deploy some of these approaches to gain operational experience.
Towards this end, we will soon be making our key-mgmt/IPSP software
freely available (subject to US export regulations, of course). Stay
tuned.

Regards,
Ashar.
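The half-open-connection argument above, as an added example that is not part of the original message and not the poster's key-mgmt/IPSP software: a toy model in Python contrasting a cached-session (VC-like) security layer with a connectionless, in-band keyed one. Peer names, the toy Diffie-Hellman group, the HMAC-based stream cipher, and the packet layout are all assumptions made for illustration; public keys are taken at face value here, whereas a real system would authenticate them (e.g. via certificates).

```python
"""Added example (not from the original thread): cached-session vs. in-band keying.

Assumptions: a toy DH group (p = 2**127 - 1, far too small for real use), an
HMAC-SHA256 keystream as a stand-in cipher, and peer public keys trusted as-is.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # assumed toy prime
G = 5            # assumed generator


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || block-counter) blocks."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out.extend(hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest())
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class Peer:
    """Long-term DH identity used by both models."""
    def __init__(self, name: str):
        self.name = name
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)

    def pairwise_key(self, other_pub: int) -> bytes:
        # Derived from long-term keys only, so it can always be recomputed from scratch.
        return hashlib.sha256(pow(other_pub, self._priv, P).to_bytes(16, "big")).digest()


class SessionPeer(Peer):
    """Cached-session model: a handshake installs a session key; packets carry only a session id."""
    def __init__(self, name: str):
        super().__init__(name)
        self.sessions = {}   # session id -> session key (the shared state that can be lost)

    def handshake(self, other: "SessionPeer") -> bytes:
        sid = secrets.token_bytes(8)
        self.sessions[sid] = hashlib.sha256(self.pairwise_key(other.pub) + sid).digest()
        other.sessions[sid] = hashlib.sha256(other.pairwise_key(self.pub) + sid).digest()
        return sid

    def send(self, sid: bytes, data: bytes) -> dict:
        key, nonce = self.sessions[sid], secrets.token_bytes(8)
        ct = _keystream_xor(key, nonce, data)
        return {"sid": sid, "nonce": nonce, "ct": ct, "mac": _mac(key, sid, nonce, ct)}

    def receive(self, pkt: dict):
        key = self.sessions.get(pkt["sid"])
        if key is None:
            return None   # half-open: the sender still holds a session we know nothing about
        if not hmac.compare_digest(pkt["mac"], _mac(key, pkt["sid"], pkt["nonce"], pkt["ct"])):
            return None
        return _keystream_xor(key, pkt["nonce"], pkt["ct"])

    def crash(self) -> None:
        self.sessions.clear()   # a reboot loses every cached session


class StatelessPeer(Peer):
    """In-band model: each packet carries the sender's identity and a fresh packet key wrapped
    under the pairwise key, so the receiver needs no per-peer state to process it."""
    def send(self, other_pub: int, data: bytes) -> dict:
        kp, nonce = secrets.token_bytes(32), secrets.token_bytes(8)
        wrapped = _keystream_xor(self.pairwise_key(other_pub), b"wrap" + nonce, kp)
        ct = _keystream_xor(kp, nonce, data)
        return {"sender_pub": self.pub, "nonce": nonce, "wrapped_key": wrapped,
                "ct": ct, "mac": _mac(kp, nonce, wrapped, ct)}

    def receive(self, pkt: dict):
        pairwise = self.pairwise_key(pkt["sender_pub"])   # recomputed from long-term keys alone
        kp = _keystream_xor(pairwise, b"wrap" + pkt["nonce"], pkt["wrapped_key"])
        if not hmac.compare_digest(pkt["mac"], _mac(kp, pkt["nonce"], pkt["wrapped_key"], pkt["ct"])):
            return None
        return _keystream_xor(kp, pkt["nonce"], pkt["ct"])

    def crash(self) -> None:
        pass   # there is no session state to lose


def demo_stateful():
    """Returns (plaintext before B crashes, result after): the second is None (half-open)."""
    a, b = SessionPeer("A"), SessionPeer("B")
    sid = a.handshake(b)
    before = b.receive(a.send(sid, b"hello"))
    b.crash()
    return before, b.receive(a.send(sid, b"hello"))   # A still believes the session exists


def demo_stateless():
    """Returns (plaintext before B crashes, plaintext after): both decrypt."""
    a, b = StatelessPeer("A"), StatelessPeer("B")
    before = b.receive(a.send(b.pub, b"hello"))
    b.crash()
    return before, b.receive(a.send(b.pub, b"hello"))


if __name__ == "__main__":
    print("cached session:", demo_stateful())
    print("in-band keying:", demo_stateless())
```

In the cached-session model, B can only recover by having A discard the stale session, and an unauthenticated "forget this session" message is exactly the trivial denial-of-service the message warns about; the in-band model sidesteps the question because a crash leaves nothing to tear down.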
