[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Photuris questions

To: ipsec@ans.net
Subject: Re: Photuris questions
From: "William Allen Simpson" <bsimpson@morningstar.com>
Date: Wed, 13 Sep 95 22:34:17 GMT

> From: Hilarie Orman <ho@cs.arizona.edu>
> We think you might need classes ala ISAKMP to implement Photuris; there are
> some ambiguities in the spec that would be solved by them.  It's
> possible that we think this only because our reading of Photuris is
> more general than is intended, but some things are not clear about
> the negotiation.
>
Could you please be more specific?

In recent drafts, algorithms which can be used for more than one purpose
are indicated by the list in Appendix B.  But each such use is clearly
distinguished in other specifications.  You can't use MD5 for ESP....

That's why the "classes" are utterly unnecessary.  The implementor needs
to make the decisions, not the user/operator.


> Can you use one algorithm for hashing during
> key exchange, and a different one for the AH algorithm?

Yes.  The session-key hash function (Key-Transform) is already separate
from the AH algorithm (I/R Transform).

And of course, you can add new SPIs at will....  Most folks will use ESP
I/R Transforms for the Signature step, and then either use the same
SPI-key for both AH and ESP on later traffic, or add a second SPI-key
for AH with the key_change, or even a series of SPI-keys for ESP.  The
I/R Transforms might _only_ be used for running Photuris!

Perhaps the word "transform" is over used.  I will go through and call
things "algorithms", "choices", "features", "methods" and "techniques"
instead, and leave "transform" for the AH and ESP packets alone.


> Can the
> initiator indicate to the responder that it demands that the responder choose
> privacy for the responder-initiator ESP?
>
Huh?  All responder->initiator SPIs are chosen BY the initiator from the
responder's list of supported attributes.  That takes care of "demand".

But the responder can simply refuse to support privacy.  Photuris was
designed to work on all nets including AMPR nets, and they are not allowed
to encrypt at all!


> Separately, we've stumbled over an issue in the architecture spec that
> is reflected in the Photuris draft; it implies that for ESP you can
> choose auth AND priv.  I think it means you can choose one or the
> other, not both, but we haven't found the clarifying words yet.
>
If you _have_ such an algorithm, you _can_ choose both auth and priv for
ESP.

However, DES only supports priv.  So, you would need both DES and MD5
for your selected attributes.  Mix and match: 3DES, SHA, etc....


> Can one SA be used for AH and ESP?  Your recent message indicate this is so.

Yes.  If the attributes listed for a particular SA have both DES and
MD5, you would expect arriving packets to have both AH and ESP headers,
with the same SPI for both.

This is probably not optimal, as others have indicated they prefer
separate SPI-keys for AH and ESP.


> How does Photuris go about getting keys for the two algorithms?
>
The session keys are bound to the SPIs.  More SPIs means more session keys.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

Follow-Ups:

Re: Photuris questions

From: Hilarie Orman <ho@cs.arizona.edu>

Prev by Date: Re: replay attacks
Next by Date: Re: replay attacks
Prev by thread: Photuris questions
Next by thread: Re: Photuris questions
Index(es):
- Main
- Thread