
Re: Dangling phase 2 SAs (was RE: issues from the bakeoff)



Tim Jenkins wrote:
> 
> >   "bounds the authenticated lifetime"? Does the "authenticatedness"
> > somehow get diluted as time goes on? I guess I hadn't realized that.
> 
> The RFCs state that the lifetime of a phase 1 SA must be limited, in
> addition to local policy requirements when using certificates, to the
> lifetime of the certificates involved and the CRL used to verify the
> certificates.
> 
> This quite clearly is intended to make sure that the phase 1 SA lifetime is
> limited to the time that the endpoints can be authenticated. That's what I
> mean by "bounds the authenticated lifetime".

There is a subtlety here: I think this ensures that the phase 1 SA
lifetime is limited to the time that the CA is willing to vouch for the
identity of the holder, not to the time that the endpoints can be
authenticated.
Presumably, the endpoints can be authenticated (to some degree) so long
as their authentication keys have not been compromised. Obviously, the
established comfort level regarding key compromise degrades over time
for a given session, but in general, don't we set the phase 2 lifetime
to reflect our relative paranoia?

To put it another way, if my identity has been vouched for by a CA you
trust, and then we establish an authenticated SA, aren't you relatively
assured that you are, in fact, continuing to talk with me (the "me" you
established this "connection" with) so long as I continue to sign/hash
with the mutually agreed-upon keying material, AND so long as your
comfort level parameters (lifetime) have not been exceeded? And if I am
susceptible to compromise, will it really matter if the phase 1 SA
remains or not? (I know, it's the same question I asked in my last
post...)

Scott

