
RE: Dangling phase 2 SAs (was RE: issues from the bakeoff)




> -----Original Message-----
> From: Scott G. Kelly [mailto:skelly@redcreek.com]
> Sent: June 17, 1999 5:43 PM
> To: Tim Jenkins
> Cc: Dan Harkins; Volpe, Victor; ipsec@lists.tislabs.com
> Subject: Re: Dangling phase 2 SAs (was RE: issues from the bakeoff)
> 
> 
> Tim Jenkins wrote:
> > 
> > >   "bounds the authenticated lifetime"? Does the
> > > "authenticatedness" somehow
> > > get diluted as time goes on? I guess I hadn't realized that.
> > 
> > The RFCs state that the lifetime of a phase 1 SA must be limited, in
> > addition to local policy requirements when using 
> certificates, to the
> > lifetime of the certificates involved and the CRL used to verify the
> > certificates.
> > 
> > This quite clearly is intended to make sure that the phase 
> 1 SA lifetime is
> > limited to the time that the endpoints can be 
> authenticated. That's what I
> > mean by "bounds the authenticated lifetime".
> 
> There is a subtlety here: I think this insures that the phase 1 SA
> lifetime is
> limited to the time that the CA is willing to vouch for the 
> identity of
> the holder, not to the time that the endpoints can be authenticated.
> Presumably, the endpoints can be authenticated (to some 
> degree) so long
> as their authentication keys have not been compromised. Obviously, the
> established comfort level regarding key compromise degrades over time
> for a given session, but in general, don't we set the phase 2 lifetime
> to reflect our relative paranoia?

Yes, that's correct, but there is always the possibility that due to
re-keying combinations, the phase 2 SA can live past that time. And if the
phase 2 SA lifetime is limited by traffic, there is no limit on the time
that phase 2 SA can live beyond that "vouched" for time.

> 
> To put it another way, if my identity has been vouched for by a CA you
> trust, and then we establish an authenticated SA, aren't you 
> relatively
> assured that you are, in fact, continuing to talk with me 
> (the "me" you
> established this "connection" with) so long as I continue to sign/hash
> with the mutually agreed-upon keying material, AND so long as your
> comfort level parameters (lifetime) have not been exceeded? 

Yes, that's correct. But one of us may become unauthorized to talk to the
other. The window of this time can be reduced by re-keying the phase 1 SA
before the old one expires, and making sure there are no dangling SAs.

> And if I am
> susceptible to compromise, will it really matter if the phase 1 SA
> remains or not? (I know, it's the same question I asked in my last
> post...)

Again, it's about authorization. I didn't say that in previous responses. If
the authorization stops, it can be detected sooner.

> 
> Scott
> 

Tim
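The "re-keying combinations" and traffic-limited cases Tim raises can be made concrete with a small lifetime model. This is an added example, not code from the thread or from any IKE implementation; the class names, the `dangling_allowed` switch and the constructed traffic-rate estimate are assumptions used to show how far a phase 2 SA can outlive the phase 1 SA that authenticated it.

```python
from dataclasses import dataclass
from typing import Optional

INFINITE = float("inf")

@dataclass
class Phase1SA:
    established: float   # seconds on a constructed clock
    lifetime: float      # seconds; the thread notes this is bounded by cert/CRL validity

    @property
    def expires(self) -> float:
        return self.established + self.lifetime

@dataclass
class Phase2SA:
    parent: Phase1SA                 # the phase 1 SA that authenticated this IPsec SA
    established: float
    time_lifetime: Optional[float]   # seconds, or None if only traffic-limited
    byte_lifetime: Optional[int]     # bytes, or None if only time-limited

def phase2_expiry(sa: Phase2SA, bytes_per_sec: float, dangling_allowed: bool) -> float:
    """Wall-clock time at which the phase 2 SA is torn down.

    bytes_per_sec is a constructed traffic estimate that turns a byte lifetime
    into a time; an idle SA (0 bytes/s) never reaches its byte limit.
    With dangling_allowed=False the SA is deleted no later than its parent."""
    candidates = []
    if sa.time_lifetime is not None:
        candidates.append(sa.established + sa.time_lifetime)
    if sa.byte_lifetime is not None:
        candidates.append(sa.established + sa.byte_lifetime / bytes_per_sec
                          if bytes_per_sec > 0 else INFINITE)
    expiry = min(candidates) if candidates else INFINITE
    if not dangling_allowed:
        expiry = min(expiry, sa.parent.expires)
    return expiry

def exposure_past_phase1(sa: Phase2SA, bytes_per_sec: float, dangling_allowed: bool) -> float:
    """Seconds the phase 2 SA keeps carrying traffic after the authenticating
    phase 1 SA (and the credentials it was vouched for by) have expired."""
    return max(0.0, phase2_expiry(sa, bytes_per_sec, dangling_allowed) - sa.parent.expires)

if __name__ == "__main__":
    p1 = Phase1SA(established=0, lifetime=8 * 3600)
    # constructed scenarios: a phase 2 rekey shortly before phase 1 expiry, and an idle traffic-limited SA
    late_rekey = Phase2SA(p1, p1.expires - 800, time_lifetime=8 * 3600, byte_lifetime=None)
    idle = Phase2SA(p1, p1.expires - 800, time_lifetime=None, byte_lifetime=1_000_000)
    for name, sa in (("late rekey", late_rekey), ("idle traffic-limited", idle)):
        for dangling in (True, False):
            print(f"{name:22} dangling={dangling!s:5} exposure={exposure_past_phase1(sa, 0, dangling)}s")
```

The idle traffic-limited case shows the unbounded exposure the message describes; clamping to the parent's expiry is the "no dangling SAs" rule.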

