[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec SA DELETE in "dangling" implementation

To: "'Slava Kavsan'" <bkavsan@ire-ma.com>
Subject: RE: IPSec SA DELETE in "dangling" implementation
From: "Walker, Jesse" <jesse.walker@intel.com>
Date: Mon, 6 Dec 1999 11:56:07 -0800
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

It is not evident that it is a good idea to used Acked-NOTIFY or any other
Acked message for this function. If the traffic is protected by some key,
and if he adversary somehow knows it is being used (e.g., because the
traffic is remote access), then inserting an Ack into the protocol
transforms the peer into an oracle to answer questions about the key--the
adversary knows it has guessed the right key as soon as it can get one
system to ack to its "keepalive".

If this observation is correct, then what seems to be needed is for one end
to apprise its peer that it (the local system) may purge old SAs that appear
to have died, along with some notion of what it considers dead (e.g., it
receives no traffic for 5 minutes). It then becomes the responsibility of
the peer that wants its SAs to remain to send traffic to defeat the dead SA
harvesting. So any solution should propose mechanisms for both parts.

-- Jesse

-----Original Message-----
From: Slava Kavsan [mailto:bkavsan@ire-ma.com]
Sent: Friday, December 03, 1999 8:04 AM
To: Scott G. Kelly
Cc: Jan Vilhuber; Srinivasa Rao Addepalli; Dan Harkins; Markku Savela;
ipsec@lists.tislabs.com
Subject: Re: IPSec SA DELETE in "dangling" implementation

"Scott G. Kelly" wrote:

> Maybe dead peer detection should not rely upon the presence of an IKE
> SA.

I like this approach, but it needs to be further analysed:

- are there any attacks possible when using unprotected NOTIFYes for
keep-alive? E.g. is
"false-alive" attack is really an attack?
- what if protected keep-alives are used when possible (IKE SA is around)
and non-protected
when there is no IKE SA?
- use of keep-alives in this fashion will prevent us from taking advantage
of using Ack-ed
NOTIFY for keep-alives, because Ack-ed NOTIFY is always protected (unless
this requirement can
be relaxed for keep-alives)
- could resource-minded implementations when they need more memory "shrink"
their SAs (instead
of deleting them) to a bare minimum to only support keep-alive protection?
- could we use (somehow) IPSec-based keep-alives
- etc.
- etc.

Follow-Ups:

Re: IPSec SA DELETE in "dangling" implementation

From: Slava Kavsan <bkavsan@ire-ma.com>

Prev by Date: Re: Heartbeats (was RE: keepalives)
Next by Date: RE: Heartbeats (was RE: keepalives)
Prev by thread: RE: IPSec SA DELETE in "dangling" implementation
Next by thread: Re: IPSec SA DELETE in "dangling" implementation
Index(es):
- Main
- Thread