
Re: IPSec SA DELETE in "dangling" implementation

The question still remains - how to send DELETE notification when deleting IPSec
SA while there is no IKE SAs to that peer.

My vote - to re-key IKE SAs as soon as possible after they are expired or
deleted (if there are active IPSec SAs with that peer) - so they will be around
when I need them, but if for some reason IKE SA cannot be re-keyed - do not send
IPSec SA DELETEs. Also, IMHO - deletion of IKE SA should be just that - no
consequences for any IPSec SAs.

Tero Kivinen wrote:

> Paul Hoffman writes:
> > An implementation can (and IMO SHOULD) choose not to create IPsec SAs that
> > have lifetimes longer than the IKE SA under which they are protected. So
> > far, so good.
>
> Why? Is there any reason to tie the IKE and IPsec SA lifetimes
> together?
>
> > However, there are some cases where an IKE SA can get taken down
> > unexpectedly. A good example is when the IKE SA discovers that the cert it
> > used to authenticate the other party has been compromised. In this case,
> > all the IPsec SAs are suspect and should be deleted.
>
> Why? If the key was compromised at some point of time, that does NOT
> mean that old signatures created using that key are not valid anymore,
> it means the NEW signatures MUST not be accepted after that.
>
> If I create an SA from my laptop to corporate firewall using the
> smartcard I have in the IETF terminal room, and when I turn my back
> somebody steals the smartcard from the table. When I detect this I
> immediately of course revoke the certificate of that smartcard, but
> there is no need to tear down my SAs I have created before the
> smartcard was stolen.
>
> The holder of the smartcard still cannot decrypt my traffic inside the
> old SAs, so I can use that tunnel I have to get backup method of
> logging in... :-) Of course I can first set up the backup method and
> then report the smartcard being stolen, but that will open up more
> time for the hacker to get into my system.
>
> The signature check was done when the IKE SA was created and if the
> key wasn't compromised at that point then there is no need to delete
> the SAs.
>
> You might want to do it just to be sure. This also depends on the
> reason why the certificate was revoked. If the certificate was
> revoked because the employee moved to another company, you do want
> to delete all existing SAs also...
>
> > I may have missed it, but is there a good reason why an IKE
> > implementation that is deleting an IKE SA for security reasons ever
> > want *not* to tear down the IPsec SAs that it created?
>
> I agree that there are so few reasons not to delete the IPsec SAs
> when an IKE SA is deleted because of *security reasons* that we can
> ignore them. So I think it is ok to tear down all IPsec SAs using the IKE
> SA in that case.
>
> There are quite a lot more reasons to keep IPsec SAs when an IKE SA is
> deleted because of resource limits etc.
> --
> kivinen@iki.fi                               Work : +358-9-4354 3218
> SSH Communications Security                  http://www.ssh.fi/
> SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
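The policy sketched in this exchange (IKE SA deleted for security reasons cascades to its IPsec SAs; IKE SA deleted for resource reasons leaves them dangling; an IPsec SA DELETE is only sent if an IKE SA exists or can be rekeyed on demand, and is otherwise dropped silently) can be written down as a small state model. The following is an added illustration, not code from this post, from the SSH IPSEC Toolkit, or from any RFC; the class and field names (Peer, DeleteReason, can_rekey_ike, child_sas, sent) are this example's own assumptions, and the SPI values are simple counters rather than negotiated ones.

```python
"""Illustrative model of 'dangling' IPsec SA handling (added example, not the list's code)."""
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Dict, List, Optional


class DeleteReason(Enum):
    """Why an IKE SA is being torn down; the thread distinguishes exactly these two."""
    SECURITY = auto()  # e.g. the peer's certificate turned out to be compromised
    RESOURCE = auto()  # expiry, memory or session limits, operator housekeeping


@dataclass
class Peer:
    """Per-peer SA bookkeeping (hypothetical structure chosen for this example)."""
    name: str
    can_rekey_ike: bool = True            # can a fresh IKE SA be negotiated on demand?
    ike_sa: Optional[int] = None          # SPI of the live IKE SA, None when there is none
    child_sas: Dict[int, str] = field(default_factory=dict)  # child SPI -> "ESP" or "AH"
    sent: List[str] = field(default_factory=list)            # DELETE payloads actually sent
    _next_spi: int = 1                    # constructed SPI counter, not a negotiated value

    def _alloc_spi(self) -> int:
        spi = self._next_spi
        self._next_spi += 1
        return spi

    def establish_ike_sa(self) -> Optional[int]:
        """Negotiate a (new) IKE SA; returns its SPI, or None if it cannot be set up."""
        if not self.can_rekey_ike:
            return None
        self.ike_sa = self._alloc_spi()
        return self.ike_sa

    def create_child_sa(self, proto: str = "ESP") -> int:
        """Create an IPsec SA. Child SAs are negotiated under a live IKE SA."""
        if self.ike_sa is None:
            raise RuntimeError("no IKE SA to negotiate a child SA under")
        spi = self._alloc_spi()
        self.child_sas[spi] = proto
        return spi

    def _notify_delete(self, spi: int, proto: str) -> None:
        """Emit a DELETE for an IPsec SA; only meaningful while an IKE SA protects it."""
        assert self.ike_sa is not None
        self.sent.append(f"DELETE {proto} spi={spi}")

    def delete_ike_sa(self, reason: DeleteReason) -> None:
        """Drop the IKE SA. Only a SECURITY deletion cascades to the IPsec SAs."""
        if self.ike_sa is None:
            return
        if reason is DeleteReason.SECURITY:
            # Tell the peer about each child SA while the IKE SA still protects the message.
            for spi, proto in list(self.child_sas.items()):
                self._notify_delete(spi, proto)
                del self.child_sas[spi]
        # RESOURCE deletion: child SAs stay installed ("dangling"), as the post proposes.
        self.sent.append(f"DELETE IKE spi={self.ike_sa}")
        self.ike_sa = None

    def delete_child_sa(self, spi: int) -> bool:
        """Delete one IPsec SA locally; returns True if a DELETE notification was sent."""
        proto = self.child_sas.pop(spi)
        if self.ike_sa is None and self.establish_ike_sa() is None:
            # No IKE SA and none can be rekeyed: delete silently, exactly as the post suggests.
            return False
        self._notify_delete(spi, proto)
        return True


if __name__ == "__main__":
    gw = Peer("corp-fw")
    gw.establish_ike_sa()
    esp = gw.create_child_sa()
    gw.delete_ike_sa(DeleteReason.RESOURCE)       # IKE SA gone, ESP SA keeps running
    print("notified:", gw.delete_child_sa(esp))   # IKE SA rekeyed on demand, DELETE sent
    print(gw.sent)
```

The model makes the asymmetry in the thread explicit: the cascade lives in `delete_ike_sa` and keys on the reason, while the "send DELETE only if you can" rule lives in `delete_child_sa` and falls back to a silent local removal when `can_rekey_ike` is false.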