[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Questions about PFS and ISAKMP SAs



-----BEGIN PGP SIGNED MESSAGE-----


Recap:
  To get PFS on IPsec SA's, one uses ephemeral DH exponents to rekey the
IPsec keys periodically. Since we throw the DH exponents away, no
knowledge of old keys is kept. The DH exponents are authenticated by
virtual of being in a Phase I ISAKMP SA that was authenticated via
one of the Phase I mechanisms (pre-shared, RSA, etc.)
  
  One can negotiate SA's for different end points on the same ISAKMP
SA using proxy-IDxx's.

Questions:

1. Is is reasonable to have multiple end points that need IPsec PFS
	using the same ISAKMP SA? Is PFS compatible in concept with
	sharing the ISAKMP SA?

2. Does PFS extend to the ISAKMP SA? If we should be throwing away the
	ISAKMP SA's keys, and doing new exponentiations (and new
	authentications, since we can't use old keys to derive new
	keys when we need PFS), then how often do we do this for the
	ISAKMP SA?

  In the absense of PFS for IPsec, we would use up the entropy of the
original ISAKMP SA's DH pair. Since we use a different DH pair for
IPsec, the only limit to the ISAKMP SA that we can see is the byte
lifetime of the encryption algorithm. More important is probably the
lifetime in seconds for a cracking attempt on that size of
key. (i.e. change the key once an hour for DES)

  #2 really asks the question: how do we do PFS for identities?

]       ON HUMILITY: to err is human. To moo, bovine.           |  SSH IPsec  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |international[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [



	
	
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBNHQkBsmxxiPyUBAxAQHWCwL/dhTZ/qb1HXtLNi0gv8aWf3sbyFxWHtNg
c0mcyAmDN9ocSYOUUvVI+V/+9iaDAsB44/KJpsfn1aG/1HEUFlansCvGPdS/Mixo
et/gaiqzThPz9Z/sK2eFyyEEa1v5j71+
=QiRP
-----END PGP SIGNATURE-----


Follow-Ups: