
Re: Re[6]: ISAKMP performance



      Now, storing the SA off to some third party is a VERY interesting
      idea. Presumably NAS(a) could send SA information to this third party,
      which would obviously be trusted. Do we know of any such thing being
      run today? I would assume that the keys being passed to this third
      party would be encrypted using a key encryption key which only NAS(a)
      could decrypt. How do most folk feel about this design?

It's quite attractive, and in fact the third party need not be trusted
in the cryptographic sense.  As you note, the information is encrypted
(including an authenticity check) with a NAS(a)-only key, and hence is
tamperproof.  It could fail to respond, or it could respond with a
damaged or fraudulent package, in which case the NAS simply establishes
a new security association.  In other words, this third party is a cache.

But that all begs the question of whether or not it's worth doing.  Well,
it's probably worth doing in the business sense, but architecturally,
if I'm running ipsec from my laptop to my firewall, I don't care whether
or not the NAS-to-firewall L2TP traffic is protected.
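The "untrusted cache" design discussed in this message, as an added example that is not part of the original thread: NAS(a) seals its SA state under a key the cache never sees (encrypt-then-MAC), and on retrieval a missing, truncated or altered package simply fails verification and triggers a fresh negotiation. The KEK value, the SA blob and the cache dictionary are constructed for the demo; the HMAC-based keystream stands in for a real AEAD cipher.

```python
import hmac
import hashlib
import secrets

# Constructed placeholder: the key-encryption key held only by NAS(a).
NAS_KEK = bytes.fromhex("11" * 32)

def _subkey(kek: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from the KEK (HMAC as a PRF)."""
    return hmac.new(kek, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from a PRF; illustrative, an AEAD would be used in practice."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal_sa(kek: bytes, sa_blob: bytes) -> bytes:
    """Encrypt-then-MAC the SA state: the cache learns nothing and cannot alter it."""
    enc_key, mac_key = _subkey(kek, b"enc"), _subkey(kek, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(sa_blob, _keystream(enc_key, nonce, len(sa_blob))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # layout: 16-byte nonce | ciphertext | 32-byte tag

def open_sa(kek: bytes, package):
    """Return the SA state, or None if the package is missing, truncated or tampered."""
    if package is None or len(package) < 16 + 32:
        return None
    enc_key, mac_key = _subkey(kek, b"enc"), _subkey(kek, b"mac")
    nonce, ct, tag = package[:16], package[16:-32], package[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time tag check
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def restore_or_renegotiate(kek: bytes, cache: dict, sa_id: str):
    """NAS decision: reuse the cached SA only if it verifies, else negotiate afresh."""
    sa = open_sa(kek, cache.get(sa_id))
    if sa is not None:
        return ("cached", sa)
    return ("renegotiated", b"<new SA from a fresh ISAKMP exchange>")
```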