
Re: Dangling SA Summary



Tim Jenkins wrote:
> 
> This is an attempt to summarize the issue, and list the pros and cons.
> 
> The purpose of requiring no dangling phase 2 SAs is to minimize the window of
> unauthorized use of a system. With dangling phase 2 SAs, the maximum window
> size is the sum of the phase 1 SA lifetime plus the phase 2 SA lifetime.
> Without dangling phase 2 SAs, the maximum window size is the phase 1 SA
> lifetime.
> 
> While the difference between the two window sizes can be reduced by careful
> configuration of lifetimes, it can never be eliminated, requires
> knowledgeable system administration, and is dependent on the PKI
> infrastructure.

I think this gets to the heart of it. This situation is far more
complex than is obvious at first blush. Thinking out loud (so to speak),
it occurs to me to ask why we limit the cert validity period to begin
with. It appears that this serves to limit the vulnerability window in
case either the cert is hijacked or the mate to the contained key is
compromised. Now, going one step further to ask why we limit the
lifetime of the phase 1 SA to the cert validity period, we may arrive at
a similar conclusion, that being that since the cert could have been
compromised at some point during the validity period, we would like to
mitigate the damage by similarly limiting the validity period of the
phase 1 SA.

Given this general drift, it seems to logically follow that the lifetime
of related phase 2 SAs should be similarly constrained for the same
reason, i.e. to minimize the damage should compromise occur. This
appears to be precisely the conclusion Tim has reached, and I think I'm
beginning to agree, at least in principle. If we agree that the phase 2
SA should be similarly bound in terms of lifetime, the remaining
question pertains to how we accomplish this.

I think we have 2 choices: bind the phase 1 and phase 2 SAs, as Tim
suggests, or limit the phase 2 SAs to the remaining cert lifetime if
their configured lifetimes would exceed this. I'm still thinking about
which is the better approach.

Is there a flaw in the reasoning regarding phase 2 lifetimes with
respect to cert validity periods?

Scott
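As an added illustration of the window sizes in Tim's summary and of the two options weighed in the reply (binding phase 2 SAs to the phase 1 SA, or clamping them to the remaining cert validity), here is a small model. It is example code written for this page, not code from the thread or from any IKE implementation; the policy names and the sample lifetimes are constructed.

```python
"""Exposure window under the phase 2 SA policies discussed in this thread.
Added example, not code from the thread or any IKE implementation. Times are
seconds relative to phase 1 SA establishment (t = 0); lifetimes are constructed.
"""
from dataclasses import dataclass

POLICIES = ("dangling", "bound", "cert_clamp")

@dataclass(frozen=True)
class ChildSA:
    created: float   # when the phase 2 SA was negotiated (requires a live phase 1 SA)
    lifetime: float  # configured phase 2 lifetime

def child_expiry(sa, phase1_lifetime, cert_remaining, policy):
    """Time at which a phase 2 SA stops being usable under the given policy.

    dangling:   lives out its own lifetime after the phase 1 SA expires
    bound:      torn down together with its parent phase 1 SA (Tim's proposal)
    cert_clamp: lifetime truncated to the remaining cert validity (the reply's second option)
    """
    if not 0 <= sa.created < phase1_lifetime:
        raise ValueError("a phase 2 SA can only be negotiated under a live phase 1 SA")
    natural = sa.created + sa.lifetime
    if policy == "dangling":
        return natural
    if policy == "bound":
        return min(natural, phase1_lifetime)
    if policy == "cert_clamp":
        return min(natural, cert_remaining)
    raise ValueError(f"unknown policy {policy!r}")

def exposure_window(child_sas, phase1_lifetime, cert_remaining, policy):
    """Latest time at which any SA derived from a compromised credential is still usable."""
    ends = [child_expiry(sa, phase1_lifetime, cert_remaining, policy) for sa in child_sas]
    return max([phase1_lifetime, *ends])

def max_window(phase1_lifetime, phase2_lifetime, cert_remaining, policy):
    """Analytical worst case from Tim's summary; a simulated window never exceeds it."""
    if policy == "dangling":
        return phase1_lifetime + phase2_lifetime
    if policy == "bound":
        return phase1_lifetime
    return min(phase1_lifetime + phase2_lifetime, max(phase1_lifetime, cert_remaining))

# Constructed scenario: 1 h phase 1 SA, 30 min phase 2 SAs, cert valid for 75 more minutes.
CHILDREN = [ChildSA(0, 1800), ChildSA(1800, 1800), ChildSA(3500, 1800)]

def compare(child_sas=CHILDREN, phase1_lifetime=3600, cert_remaining=4500):
    return {p: exposure_window(child_sas, phase1_lifetime, cert_remaining, p) for p in POLICIES}
```

The phase 2 SA negotiated late in the phase 1 lifetime is what produces the extra window: dangling keeps it alive past phase 1 expiry, binding cuts it off at 3600 s, and clamping to the cert leaves it alive until the cert runs out.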

