
FW: Dangling phase 2 SAs (was RE: issues from the bakeoff)



My response to Michael's private email was sent before his post to the list
appeared...

-----Original Message-----
From: Tim Jenkins 
Sent: June 18, 1999 10:18 AM
To: 'Heyman, Michael'
Subject: RE: Dangling phase 2 SAs (was RE: issues from the bakeoff) 



> -----Original Message-----
> From: Heyman, Michael [mailto:Michael_Heyman@nai.com]
> Sent: June 18, 1999 10:10 AM
> To: 'Tim Jenkins'
> Subject: RE: Dangling phase 2 SAs (was RE: issues from the bakeoff) 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> The issue of dangling phase 2 SAs seems to have created a camp that
> believes that when a certificate is revoked, a compromise has
> occurred, and therefore any phase 2 SAs created under the phase 1 SA
> with a now revoked certificate as the authentication mechanism should
> be removed.
> 
> Point 1: Compromise? What compromise?
> 
> There are many reasons to revoke a certificate that in no way
> invalidate authorizations that certificate performed prior to the
> revocation. For example, an employee leaves a company, the company
> revokes that employee's certificate. Actions that employee took while
> still employed are still valid.

I don't think system administrators would agree with you here. If an
employee leaves a company, he/she is supposed to leave behind all access to
that company's assets. The longer SAs are left up after this point, the
greater the exposure.

Yes, it's a different kind of compromise than key material or
authentication, but it's a compromise nonetheless.

> 
> Point 2: That compromise didn't hurt this old SA.
> 
> If a compromise occurs on a phase 1 authorization mechanism (such as:
> private key stolen or shared secret blurted out in the throes of
> passion), obviously, the phase 2 SAs under that mechanism created
> _after_ the compromise are suspect :-).
> 
> But, the phase 2 SAs created _prior_ to the compromise are not
> suspect if perfect forward secrecy is used (and the Phase 1 SAs get
> deleted ASAP). The phase 2 SAs may not even be suspect if perfect
> forward secrecy is not used as long as the host whose authorization
> is in question is not compromised.

Yes, you're right, but this isn't the kind of compromise I'm trying to
minimize.

I'm trying to minimize the unauthorized access window.

> 
> - -Michael Heyman
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.1b23
> 
> iQA/AwUBN2pSD7XbkJfuXzRQEQI6XwCcCog8f6jE/CaMrMut3dIOg/vFB6UAoORS
> LTC7i6XlGKC2gFREN0P0WMdS
> =DYTO
> -----END PGP SIGNATURE-----
>
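The two positions in the thread differ in one policy decision: when a peer's certificate is revoked and the phase 1 SA is torn down, do the phase 2 SAs negotiated under it go with it (Tim's "minimize the unauthorized access window") or stay up until their own lifetime expires (Michael's "dangling" SAs)? The following model, added here as an illustration and not code from the list or from any IKE implementation, makes that policy a single flag and reports how long the access window stays open under each choice. All identifiers (SA cookies, SPIs, certificate serials, lifetimes) are constructed; a real daemon would key its SA database on peer identity and SPI rather than the bare certificate serial used here.

```python
"""Model of the 'dangling phase 2 SA' question from the thread: on revocation
of the peer's certificate, which SAs are removed, and how long can the peer
keep using the tunnel afterwards? Constructed example, not an IKE daemon."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Phase1SA:
    cookie: str            # identifier of the ISAKMP (phase 1) SA, constructed
    peer_cert_serial: str  # serial of the certificate the peer authenticated with


@dataclass
class Phase2SA:
    spi: str               # IPsec (phase 2) SA identifier, constructed
    parent: str            # cookie of the phase 1 SA it was negotiated under
    expires_at: int        # hard lifetime expiry, seconds since epoch


class SADatabase:
    def __init__(self) -> None:
        self.phase1: Dict[str, Phase1SA] = {}
        self.phase2: Dict[str, Phase2SA] = {}

    def add_phase1(self, sa: Phase1SA) -> None:
        self.phase1[sa.cookie] = sa

    def add_phase2(self, sa: Phase2SA) -> None:
        # A phase 2 SA can only be negotiated under a live phase 1 SA.
        if sa.parent not in self.phase1:
            raise ValueError(f"phase 2 SA {sa.spi} has no live phase 1 parent")
        self.phase2[sa.spi] = sa

    def children_of(self, cookie: str) -> List[Phase2SA]:
        return [sa for sa in self.phase2.values() if sa.parent == cookie]

    def delete_phase1(self, cookie: str, cascade: bool) -> List[str]:
        """Remove a phase 1 SA. With cascade=True every phase 2 SA negotiated
        under it is removed too (Tim's position); with cascade=False those
        phase 2 SAs are left dangling (Michael's position). Returns the SPIs
        of the phase 2 SAs that were removed."""
        removed: List[str] = []
        if cascade:
            for child in self.children_of(cookie):
                del self.phase2[child.spi]
                removed.append(child.spi)
        self.phase1.pop(cookie, None)
        return removed

    def on_certificate_revoked(self, serial: str, now: int,
                               cascade: bool) -> Tuple[List[str], int]:
        """Handle a revocation notice for the peer's certificate. Tears down
        every phase 1 SA authenticated with that certificate and returns
        (removed phase 2 SPIs, seconds the peer can still use a dangling
        phase 2 SA). The window is measured before deletion, because once the
        phase 1 SA is gone a dangling phase 2 SA no longer records which
        certificate it was authorized under."""
        cookies = [c for c, sa in self.phase1.items()
                   if sa.peer_cert_serial == serial]
        window = 0
        removed: List[str] = []
        for cookie in cookies:
            if not cascade:
                for child in self.children_of(cookie):
                    window = max(window, child.expires_at - now)
            removed.extend(self.delete_phase1(cookie, cascade))
        return removed, max(window, 0)


def scenario(cascade: bool, now: int = 1_000_000) -> Tuple[List[str], int, List[str]]:
    """Constructed SA database: two peers, one of whose certificate is revoked.
    Returns (removed SPIs, remaining access window, surviving phase 2 SPIs)."""
    db = SADatabase()
    db.add_phase1(Phase1SA("c-alice", "serial-0042"))
    db.add_phase1(Phase1SA("c-bob", "serial-0099"))
    db.add_phase2(Phase2SA("spi-a1", "c-alice", expires_at=now + 3600))
    db.add_phase2(Phase2SA("spi-a2", "c-alice", expires_at=now + 7200))
    db.add_phase2(Phase2SA("spi-b1", "c-bob", expires_at=now + 3600))
    removed, window = db.on_certificate_revoked("serial-0042", now, cascade)
    return removed, window, sorted(db.phase2)


if __name__ == "__main__":
    for cascade in (True, False):
        removed, window, left = scenario(cascade)
        print(f"cascade={cascade}: removed={removed}, "
              f"access window={window}s, phase 2 SAs left={left}")
```

With `cascade=True` the revoked peer's two phase 2 SAs disappear with the phase 1 SA and the access window is zero; with `cascade=False` nothing is removed and the peer retains traffic-carrying SAs for up to 7200 seconds, the longest remaining phase 2 lifetime. Bob's SA is untouched either way, which is the check a reviewer would want on a cascade delete: it must follow the phase 1 parent, not the whole database.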