
Re: Question about mis-match SA lifetimes



>>>>> "Shawn" == Shawn Mamros <Shawn_Mamros@baynetworks.com> writes:

 >> I would have thought the same.  In fact, it's not clear to me why
 >> the lifetime value needs to be mentioned in the protocol at all.
 >> If I think the SA has lived long enough, I can rekey.  Whether the
 >> other side is more tolerant seems irrelevant.
 >> 
 >> To put it differently: consider a hypothetical protocol that was
 >> just like IKE except that it doesn't exchange this information.
 >> What bad properties, if any, would such a protocol have?

 Shawn> What if the peer wants to rekey once every second, and use PFS
 Shawn> to boot?  If you're trying to support hundreds or thousands of
 Shawn> SAs, this can get quite expensive in a hurry, and could be
 Shawn> considered a denial-of-service attack in some circles.
 Shawn> Knowing what the peer's intended lifetime is can help prevent
 Shawn> this, assuming that you're looking for it.

No, it doesn't.

If someone wants to mount such a denial of service attack, there is no 
reason to believe they would advertise their evil intent by announcing 
a lifetime of 1 second.

The scenario you describe is a real issue.  But by definition you
CANNOT use protocol rules to protect from evildoers -- you must take
local action to protect your local resources.  Another way of saying
the same thing is that your system has to be robust enough that it
doesn't malfunction (and in particular, it recovers after the attack
stops) no matter what nasty stuff appears on the wire.  If you crash
because I send you bad packets, "the protocol spec doesn't allow you
to do that" isn't a valid defense...

	paul

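The following is an added illustration, not code from the original message or from any IKE implementation, of the "take local action to protect your local resources" point made above. A per-peer token bucket decides how many rekey (and hence PFS Diffie-Hellman) operations the responder will perform for a given peer. The peer's advertised SA lifetime is passed in only to show that it is never consulted. The peer names, bucket parameters (burst of 3, one token regained every 30 seconds) and the request traces are constructed for the demonstration.

```python
# Added example: per-peer rekey governor that enforces a local resource
# policy regardless of what lifetime the peer advertised. Peer names,
# bucket parameters and request traces are constructed for the demo.
from typing import Dict, List, Tuple


class TokenBucket:
    """Integer token bucket: `capacity` rekeys of burst, one token regained
    every `refill_interval` seconds. Integer arithmetic keeps the demo exact."""

    def __init__(self, capacity: int, refill_interval: int, now: int) -> None:
        self.capacity = capacity
        self.interval = refill_interval
        self.tokens = capacity
        self.last = now  # time up to which refill has already been credited

    def try_take(self, now: int) -> bool:
        if now > self.last:
            gained = (now - self.last) // self.interval
            if self.tokens + gained >= self.capacity:
                self.tokens = self.capacity
                self.last = now  # bucket full: do not bank idle time
            else:
                self.tokens += gained
                self.last += gained * self.interval  # carry the remainder
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class RekeyGovernor:
    """Decides locally whether to do the DH/rekey work a peer asks for."""

    def __init__(self, burst: int = 3, refill_interval: int = 30) -> None:
        self.burst = burst
        self.interval = refill_interval
        self.buckets: Dict[str, TokenBucket] = {}

    def admit(self, peer: str, now: int, advertised_lifetime: int) -> bool:
        # advertised_lifetime is deliberately unused: an attacker will not
        # announce a 1-second lifetime, so it cannot be the basis of defence.
        bucket = self.buckets.get(peer)
        if bucket is None:
            bucket = TokenBucket(self.burst, self.interval, now)
            self.buckets[peer] = bucket
        return bucket.try_take(now)


def run_scenario() -> Dict[str, Tuple[int, int]]:
    """Feed constructed request traces through one governor and return
    (admitted, rejected) counts per peer."""
    requests: List[Tuple[int, str, int]] = []
    # Hostile peer: rekey with PFS every second for two minutes, honestly
    # advertising a 1-second lifetime ...
    requests += [(t, "peer-honest-flood", 1) for t in range(120)]
    # ... and an identical flood that advertises a 24-hour lifetime.
    requests += [(t, "peer-lying-flood", 86400) for t in range(120)]
    # Well-behaved peer rekeying hourly.
    requests += [(t, "peer-normal", 3600) for t in (0, 3600, 7200)]
    # The flood stops at t=119; the same hostile peer returns later and
    # must be served again (the system recovers once the attack stops).
    requests += [(500, "peer-honest-flood", 1)]

    gov = RekeyGovernor(burst=3, refill_interval=30)
    counts: Dict[str, Tuple[int, int]] = {}
    for now, peer, lifetime in sorted(requests):  # time order per peer
        ok = gov.admit(peer, now, lifetime)
        a, r = counts.get(peer, (0, 0))
        counts[peer] = (a + 1, r) if ok else (a, r + 1)
    return counts


if __name__ == "__main__":
    for peer, (admitted, rejected) in sorted(run_scenario().items()):
        print(f"{peer:18} admitted={admitted:2} rejected={rejected:3}")
```

Both flooding peers are throttled identically (6 rekeys admitted out of 120, at t=0,1,2,30,60,90) whether they advertise a lifetime of 1 second or 24 hours, the hourly peer is never affected because the budget is per peer, and the hostile peer's later request at t=500 is admitted again once its bucket has refilled.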
