
Re: Dangling phase 2 SAs (was RE: issues from the bakeoff)
Hi Tim,

Tim Jenkins wrote:
> 
<trimmed...>
> 
> Also, the act of orphaning phase 2 SAs (as described below) in my mind is
> both unnecessary and also insecure, since the phase 1 SA is what bounds the
> authenticated lifetime of the end points. So to leave a phase 2 SA up
> without a valid phase 1 SA is to let it live beyond its allowed limits.
I have a question about this. I haven't thought about it in depth, so
maybe you'll quickly correct me if I'm wrong. It seems to me that AH
authenticates the SA endpoints, and that it is sufficiently strong that
we need not worry about whether the phase 1 SA is up or not. It also
seems to me that authenticated ESP with strong encryption provides
pretty good assurance that the packets came from where you think they
did unless that source system were somehow compromised, in which case
the phase 1 SA would also be worthless (I'm sure the cryptographers here
could educate us on the subtleties involved). 

The real question is, does an active phase 1 SA in any way add to the
protection of an authenticated phase 2 SA?

Scott