
Re: manual keying and IPSEC conformance



Although I prefer use of ISAKMP, I feel that manual keying is important
to have, for several reasons.

First, there's the need for backup.  Key management is a more delicate
business -- certificates may be unavailable, the daemon may be in a bad
mood, etc.  In a sense, this is an analog to the 'bypass' switch on
older crypto boxes, such as BLACKER.

Second, there's the firewall problem.  ISAKMP is UDP-based, which makes
it hard to relay through firewalls.  In some environments, manual keying
may be preferable to opening a hole in the firewall for ISAKMP communications.
(As an aside, the ISAKMP draft notes this problem.  I suggest that the
draft be amended to include a note suggesting that implementations include
an option to use a fixed, user-specified port number for all ISAKMP packets.
Port 500 is used to receive messages, but a daemon that wishes to initiate
communications with a remote ISAKMP may prefer to use a different port.)

Third, and most serious, I can think of one environment where manual
keying may be necessary because ISAKMP doesn't scale:  large-scale network
management platforms.  A workstation that is managing thousands of hubs,
CSUs, routers, etc., will need to negotiate and cache thousands of security
associations.  A single shared key may be preferable.