
RE: Retransmits in traffic count?



Ahh, the wondrous diversity of a technical mailing list. On one hand,
you've got people complaining that a simple protocol like IKE-Config is too
risky simply because it adds complexity to your state machine (even though
there are no real plausible attacks). And now you've got people arguing that
Kb expiry of an IKE SA is useless simply because the attacks (which are easy
to envision) are too esoteric.

We're in the security business. We're supposed to be (at least a little bit)
paranoid. If people didn't care about identity protection then why would
they be using main mode? Organizations like the military collect and analyze
statistical data such as who is talking to who.

Deprecating features (especially a locally enforced feature like this one),
simply because a few parties can't see any use for them, isn't what a
standards-determining organization is supposed to be about. Our customers
expect us to be forward-thinking; if we don't plan for an attack, simply
because we can't think of how to exploit it off the top of our heads, then
how can we be forward-thinking?

As for what happens when you run out of Kb in the middle of an exchange,
what would you do if your time-based lifetime expired in the middle of an
exchange? Or what if you ran out of Kb in the middle of encrypting an IPSec
packet? Simple: you drop the packet and next time you set your rekeying
window to be a little wider.

Andrew
_______________________________________________
 Beauty without truth is insubstantial.
 Truth without beauty is unbearable.


> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@network-alchemy.com]
> Sent: Thursday, August 05, 1999 3:07 PM
> To: Tim Jenkins
> Cc: ipsec@lists.tislabs.com
> Subject: Re: Retransmits in traffic count? 
> 

> > The only difficulty that I can see with phase 1 SA traffic lifetimes is what
> > to do if it expires in the middle of an exchange.
>
> Yes, that's a problem. The whole concept is a problem. A way to solve this
> problem is to do away with it. It just doesn't make sense to limit the
> life of an IKE SA by traffic. It's low volume, (relatively) uninteresting
> traffic. An attacker would learn the identities of the parties involved in
> the IPSec communication and learn the attributes (but not the key!) of the
> IPSec SA. It would not provide any insight into what was being protected
> by IPSec, which is the real target of any attack. Attacking IKE in this
> manner would be a waste of time. I don't see it happening.
>
> Getting rid of this attribute will get rid of a few headaches and cause none
> of its own. Maybe you could say why would you use KB expiry for an IKE SA?
> 
>   Dan.
> 
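
The handling described in the reply above for a KB lifetime that runs out mid-exchange (drop the packet, then widen the rekeying window next time), sketched as an added example that is not part of the original thread. The class and function names, the soft/hard threshold split and the doubling of the window are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed illustration: the names, the soft/hard split and the doubling
# factor are assumptions for this sketch, not taken from the thread or IKE.

@dataclass
class KbLifetime:
    """Locally enforced traffic (KB) lifetime for one SA."""
    hard_kb: int                # SA must never protect more than this
    window_kb: int              # begin rekeying this many KB before hard_kb
    used_bytes: int = 0
    rekey_started: bool = False

    def account(self, nbytes: int) -> str:
        """Charge one packet to the SA: returns 'send', 'rekey' or 'drop'."""
        if self.used_bytes + nbytes > self.hard_kb * 1024:
            return "drop"       # hard expiry: refuse to protect the packet
        self.used_bytes += nbytes
        soft = (self.hard_kb - self.window_kb) * 1024
        if self.used_bytes >= soft and not self.rekey_started:
            self.rekey_started = True
            return "rekey"      # packet is sent and rekeying begins
        return "send"

def simulate(hard_kb, window_kb, pkt_bytes, rekey_pkts, rounds, widen=2):
    """Run successive SAs; a replacement SA is usable rekey_pkts packets after
    rekeying begins. Returns one (window_kb, dropped_packets) pair per SA."""
    history = []
    for _ in range(rounds):
        sa, drops, countdown = KbLifetime(hard_kb, window_kb), 0, None
        while countdown != 0:                 # 0 means the new SA is installed
            verdict = sa.account(pkt_bytes)
            drops += verdict == "drop"
            if countdown is None:
                if verdict != "send":         # rekey begins (late if dropping)
                    countdown = rekey_pkts
            else:
                countdown -= 1
        history.append((window_kb, drops))
        if drops:                             # ran out of KB mid-rekey:
            window_kb = min(hard_kb, window_kb * widen)   # widen next time
    return history

if __name__ == "__main__":
    # Constructed traffic: 1 KB packets, 100 KB lifetime, rekey takes 10 packets.
    for window, drops in simulate(100, 4, 1024, 10, rounds=3):
        print(f"rekey window {window:>2} KB -> {drops} packets dropped")
```

With the constructed traffic, the number of dropped packets falls to zero once the window has widened enough to cover the time the rekey takes.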

