
Re: IPSec SA DELETE in "dangling" implementation



Paul Hoffman writes:
> An implementation can (and IMO SHOULD) choose not to create IPsec SAs that 
> have lifetimes longer than the IKE SA under which they are protected. So 
> far, so good.

Why? Is there any reason to tie the IKE and IPsec SA lifetimes
together? 

> However, there are some cases where an IKE SA can get taken down 
> unexpectedly. A good example is when the IKE SA discovers that the cert it 
> used to authenticate the other party has been compromised. In this case, 
> all the IPsec SAs are suspect and should be deleted.

Why? If the key was compromised at some point in time, that does NOT
mean that old signatures created using that key are not valid anymore;
it means that NEW signatures MUST not be accepted after that.

Say I create an SA from my laptop to the corporate firewall using the
smartcard I have in the IETF terminal room, and when I turn my back
somebody steals the smartcard from the table. When I detect this I of
course immediately revoke the certificate of that smartcard, but there
is no need to tear down the SAs I created before the smartcard was
stolen.

The holder of the smartcard still cannot decrypt my traffic inside the
old SAs, so I can use the tunnel I have to get a backup method of
logging in... :-) Of course I can first set up the backup method and
then report the smartcard as stolen, but that will give the hacker more
time to get into my system.

The signature check was done when the IKE SA was created, and if the
key wasn't compromised at that point then there is no need to delete
the SAs.

You might want to do it just to be sure. This also depends on the
reason why the certificate was revoked. If the certificate was
revoked because the employee moved to another company, you do want
to delete all existing SAs as well...

> I may have missed it, but is there a good reason why an IKE
> implementation that is deleting an IKE SA for security reasons would
> ever want *not* to tear down the IPsec SAs that it created?

I agree that there are so few reasons not to delete the IPsec SAs
when the IKE SA is deleted because of *security reasons* that we can
ignore them. So I think it is ok to tear down all IPsec SAs using the
IKE SA in that case.

There are quite a lot more reasons to keep IPsec SAs when the IKE SA
is deleted because of resource limits etc.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
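As an added illustration (not code from this thread, from SSH, or from any IKE implementation), a hypothetical policy function modelling the distinction argued above: child IPsec SAs survive a resource-motivated IKE SA teardown, are deleted on a security-motivated one, and, for a certificate revoked for key compromise, the compromise date is compared against the time the IKE authentication was verified. All class names, reason codes and sample values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional

# Hypothetical model of the policy argued in this thread; not from any IKE code.

class DeleteReason(Enum):
    RESOURCE_LIMIT = "resource"      # IKE SA dropped to free memory/state
    LIFETIME_EXPIRED = "lifetime"    # IKE SA simply reached its lifetime
    CERT_REVOKED = "cert_revoked"    # peer's certificate has been revoked
    AUTH_FAILURE = "auth_failure"    # other security-motivated teardown

class RevocationReason(Enum):
    KEY_COMPROMISE = "keyCompromise"
    AFFILIATION_CHANGED = "affiliationChanged"

@dataclass
class Revocation:
    reason: RevocationReason
    invalidity_date: Optional[datetime] = None  # when the key was lost

@dataclass
class IkeSa:
    authenticated_at: datetime          # when the peer's signature was verified
    child_sas: List[str] = field(default_factory=list)

def child_sas_to_delete(ike_sa, why, revocation=None, strict=False):
    """Child SAs to tear down with the IKE SA (hypothetical policy).

    Resource-motivated teardown leaves IPsec SAs dangling; a security-
    motivated one deletes them, except that a key compromise dated after
    the IKE authentication does not invalidate the signature verified at
    setup, so the children survive unless strict=True ("just to be sure").
    """
    if why in (DeleteReason.RESOURCE_LIMIT, DeleteReason.LIFETIME_EXPIRED):
        return []
    if (why is DeleteReason.CERT_REVOKED and revocation is not None
            and revocation.reason is RevocationReason.KEY_COMPROMISE
            and revocation.invalidity_date is not None
            and revocation.invalidity_date > ike_sa.authenticated_at
            and not strict):
        return []
    return list(ike_sa.child_sas)

# Constructed sample: SA set up at 10:00, smartcard reported stolen at 11:00.
AUTH_TIME = datetime(2002, 3, 18, 10, 0, tzinfo=timezone.utc)
STOLEN_LATER = AUTH_TIME + timedelta(hours=1)
STOLEN_EARLIER = AUTH_TIME - timedelta(hours=1)
LAPTOP_SA = IkeSa(AUTH_TIME, ["esp-out-0x1001", "esp-in-0x1002"])
```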