
Deletes and cookies - problem



Under Section 2.4 Identifying Security Associations
	"ISAKMP uses the two cookie fields in the ISAKMP header to identify
ISAKMP SAs."

I take this to mean that the combined cookies identify the SA, there is
wording elsewhere in the draft which supports this.

Under Section 2.5.3 Anti-Clogging Token (Cookie) Creation of the ISAKMP
draft (page 21) it states:

	"ISAKMP requires that the cookie be unique for each SA establishment,
	SA Notify, and SA Delete to help prevent replay attacks."

Does this imply that the new cookies are for the new ISAKMP SA which
must be negotiated in order to delete the old ISAKMP SA, or does this
mean that for each establishment and informational exchange the cookies
must be unique?  If it is the former then the statement is redundant and
misleading and should only state:

"ISAKMP requires that the cookie be unique for each ISAKMP SA
establishment or SA Notifies sent when SA establishment has failed."

If it is the latter (how I interpret it) there are problems.

Referring to section 4.8 Informational Exchange (page 51):

	"Once an ISAKMP SA has been established, the Informational Exchange
	MUST be transmitted under protection provided by the ISAKMP SA."

If a new cookie is generated for the Delete (Informational exchange), how
are we supposed to identify which SA (i.e. the encryption algorithm and
key) is being used to protect the remainder of the packet?

It would seem clear that if the combined cookies are to be used to
identify ISAKMP SAs, that they cannot change from ISAKMP SA
establishment to SA delete (for any protocol).  Since a delete will only
ever be sent after an SA has been established there is never a case to
generate a new cookie when sending deletes.  For Notify messages where
an ISAKMP phase one negotiation has failed a new cookie should be
generated, otherwise the message is sent under protection of the SA and
therefore the original cookies are needed to identify the SA used to
protect it.

If I am missing something let me know.

Thanks
Bye.

----
Greg Carter
Nortel Secure Networks - Entrust
carterg@entrust.com
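As an added illustration of the lookup problem the message above describes (example code written for this page, not from the poster, Entrust or the ISAKMP draft), the following Python models a receiver that keys its ISAKMP SA table on the combined cookie pair. The header layout, exchange-type and next-payload numbers follow RFC 2408, the draft's published successor, and are assumed to match the draft; the addresses, ports, local secret and SA key are constructed values; and the cookie construction (a hash over addresses, ports, a local secret and a timestamp) is one of the methods the draft suggests, not a prescribed one. The scenario shows that a Delete carrying the original cookies resolves to the SA whose key protects it, a Delete with a freshly generated cookie resolves to nothing and so cannot be decrypted, and a failed-phase-1 Notify with fresh cookies is handled in the clear.

```python
import hashlib
import struct

# ISAKMP header layout as in RFC 2408 section 3.1 (assumed to match the
# draft under discussion): 8-byte initiator cookie, 8-byte responder
# cookie, next payload, version, exchange type, flags, message ID, length.
HEADER_FMT = "!8s8sBBBBII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 28 bytes

VERSION_1_0 = 0x10
EXCHANGE_INFORMATIONAL = 5   # RFC 2408 exchange type
PAYLOAD_NOTIFICATION = 11    # RFC 2408 next-payload values
PAYLOAD_DELETE = 12
FLAG_ENCRYPT = 0x01          # E bit: the rest of the message is protected by the SA


def make_cookie(src_ip, dst_ip, src_port, dst_port, secret, timestamp):
    """Anti-clogging token built one of the ways RFC 2408 section 2.5.3
    suggests: a hash over the addresses, ports, a local secret and the
    time, cut to the 8-byte cookie field. The caller passes the timestamp
    so this example stays deterministic."""
    material = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}|{timestamp}".encode()
    return hashlib.sha256(material + secret).digest()[:8]


def build_header(icookie, rcookie, next_payload, exchange, flags, msg_id, length):
    return struct.pack(HEADER_FMT, icookie, rcookie, next_payload,
                       VERSION_1_0, exchange, flags, msg_id, length)


def parse_header(data):
    if len(data) < HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    fields = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    keys = ("icookie", "rcookie", "next_payload", "version",
            "exchange", "flags", "msg_id", "length")
    return dict(zip(keys, fields))


class SADatabase:
    """ISAKMP SAs keyed by the combined cookies, as section 2.4 says."""

    def __init__(self):
        self._sas = {}

    def establish(self, icookie, rcookie, cipher, key):
        self._sas[(icookie, rcookie)] = {"cipher": cipher, "key": key}

    def lookup(self, hdr):
        return self._sas.get((hdr["icookie"], hdr["rcookie"]))


def receive_informational(db, packet):
    """Decide what a receiver can do with an Informational exchange.

    'protected'      cookies name an established SA and the E bit is set:
                     decrypt the payloads with that SA's key.
    'unprotected'    no SA and no E bit, e.g. a Notify that phase 1 failed,
                     which legitimately carries fresh cookies.
    'undecryptable'  E bit set but no SA matches the cookies: a Delete sent
                     with a newly generated cookie. Nothing identifies the
                     key, so the receiver can only drop the message.
    'must-protect'   cookies name an established SA but the E bit is clear,
                     which section 4.8 forbids once the SA exists.
    """
    hdr = parse_header(packet)
    if hdr["exchange"] != EXCHANGE_INFORMATIONAL:
        raise ValueError("not an Informational exchange")
    sa = db.lookup(hdr)
    encrypted = bool(hdr["flags"] & FLAG_ENCRYPT)
    if sa is not None:
        return ("protected" if encrypted else "must-protect"), sa
    return ("undecryptable" if encrypted else "unprotected"), None


def demo():
    """Constructed scenario: one established SA, then three Informational
    messages arriving at the responder."""
    secret = b"constructed-local-secret"
    ci = make_cookie("192.0.2.1", "192.0.2.2", 500, 500, secret, "t0")
    cr = make_cookie("192.0.2.2", "192.0.2.1", 500, 500, secret, "t0")
    db = SADatabase()
    db.establish(ci, cr, "3des-cbc", b"\x11" * 24)  # constructed key

    # Delete carrying the original cookie pair: the SA and its key are found.
    delete_ok = build_header(ci, cr, PAYLOAD_DELETE, EXCHANGE_INFORMATIONAL,
                             FLAG_ENCRYPT, 0x1111, HEADER_LEN)
    # Delete with a freshly generated initiator cookie: no SA matches, so the
    # protected payloads cannot be decrypted.
    fresh = make_cookie("192.0.2.1", "192.0.2.2", 500, 500, secret, "t1")
    delete_fresh = build_header(fresh, cr, PAYLOAD_DELETE, EXCHANGE_INFORMATIONAL,
                                FLAG_ENCRYPT, 0x2222, HEADER_LEN)
    # Notify that phase 1 failed: no SA exists, fresh cookies, sent in the clear.
    notify = build_header(fresh, b"\x00" * 8, PAYLOAD_NOTIFICATION,
                          EXCHANGE_INFORMATIONAL, 0, 0, HEADER_LEN)
    return tuple(receive_informational(db, p)[0]
                 for p in (delete_ok, delete_fresh, notify))


if __name__ == "__main__":
    print(demo())  # ('protected', 'undecryptable', 'unprotected')
```

Running the script prints the three outcomes in order. The SA table deliberately has no way to find an SA other than by the cookie pair in the header, which is exactly why the poster's point holds: a Delete that changes either cookie leaves the receiver with ciphertext and no key to try.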