RE: Dangling phase 2 SAs (was RE: issues from the bakeoff)
>>>>> "Tim" == Tim Jenkins <tjenkins@TimeStep.com> writes:

>> In particular, I don't understand the assertion that allowing
>> phase 2 SAs to live past the deletion of the Phase 1 SA is in any
>> way a security issue. What does "bounds the authenticated
>> lifetime of the end points" mean? Could you describe an attack on
>> a system that is made possible by letting the phase 2 SAs live
>> beyond the deletion of a phase 1 SA?

Tim> I tried to explain this in my response to Dan; he had a similar
Tim> question. If it's still not clear, please let me know.

That's the note I was referring to. It's not clear in the least. You
make a statement "bounds the authenticated lifetime of the end
points", whose meaning isn't clear. And then you say that there is a
security problem, but you don't spell out what the nature of the
problem is.

I see no security problem. At the time you run phase 2, you have a
phase 1 SA. That has assorted security attributes which you know.
Based on that knowledge, you accept the phase 2 exchange with all the
attributes in it. You might modify some of what's proposed (for
example, you might unilaterally restrict the lifetime of the phase 2
SA based on the impending expiration of the cert that authenticated
the phase 1 SA).

So you clearly rely on the security properties of the phase 1 SA to
establish the security properties of the phase 2 SA. But it does not
follow that the continuing security of the phase 2 SA relies on the
continued existence of the phase 1 SA.

I think you need to exhibit a specific attack to support the point you
raised.

paul
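As an added illustration of the argument in the mail above (this is not code from the list thread or from any IKE implementation), a small Python model of the policy Paul describes: a phase 2 SA is accepted only while a live phase 1 SA exists, its lifetime is clamped to the remaining validity of the certificate that authenticated phase 1, and deleting the phase 1 SA afterwards does not change whether the phase 2 SA is valid. The class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed model of the lifetime argument: a phase 2 SA's properties
# are fixed when it is negotiated under a live phase 1 SA, and its
# lifetime may be clamped to the authenticating certificate's expiry.
# Phase1SA, Phase2SA and accept_phase2 are hypothetical names.

@dataclass
class Phase1SA:
    peer: str
    cert_not_after: int   # epoch seconds when the authenticating cert expires
    deleted: bool = False

@dataclass
class Phase2SA:
    peer: str
    established_at: int   # epoch seconds at negotiation time
    lifetime: int         # seconds, fixed when the SA was accepted

    def valid_at(self, now: int) -> bool:
        # Validity depends only on the SA's own negotiated lifetime.
        return now < self.established_at + self.lifetime

def accept_phase2(p1: Phase1SA, proposed_lifetime: int, now: int) -> Phase2SA:
    """Accept a phase 2 proposal only under a live, authenticated phase 1 SA.

    The granted lifetime is the proposed one, clamped so the phase 2 SA
    cannot outlive the certificate that authenticated the phase 1 exchange.
    """
    if p1.deleted:
        raise ValueError("no phase 1 SA: phase 2 cannot be negotiated")
    remaining = p1.cert_not_after - now
    if remaining <= 0:
        raise ValueError("authenticating certificate already expired")
    return Phase2SA(p1.peer, now, min(proposed_lifetime, remaining))

def demo():
    now = 1_000_000                                          # constructed clock
    p1 = Phase1SA("peer-a", cert_not_after=now + 600)        # cert expires in 10 min
    p2 = accept_phase2(p1, proposed_lifetime=3600, now=now)  # peer asks for 1 hour
    p1.deleted = True                                        # phase 1 SA torn down
    # The phase 2 SA keeps its negotiated properties: valid before its own
    # (clamped) expiry, invalid after it, regardless of the phase 1 SA.
    return p2.lifetime, p2.valid_at(now + 300), p2.valid_at(now + 601)

if __name__ == "__main__":
    print(demo())  # (600, True, False)
```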