[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pfs support

To: Tylor Allison <allison@securecomputing.com>
Subject: Re: pfs support
From: Will Price <wprice@cyphers.net>
Date: Mon, 17 Jan 2000 21:05:41 -0800
CC: ipsec@lists.tislabs.com
References: <Pine.GSO.3.95q.1000117174110.478B-100000@stpsowk07.sctc.com>
Reply-To: wprice@cyphers.net
Sender: owner-ipsec@lists.tislabs.com

Supporting PFS involves:

1. Doing a second key exchange with DH in Phase 2
2. Deleting the Phase 1 SA immediately after the Phase 2 to dispose of the
key material involved

Obviously, step 2 is not going to work very well unless both parties send
and interpret Delete notifications.  Inconsistent implementation of Delete
notifications is the single biggest interop issue I see in other
implementations.  Lack of support for Initial Contact notifications would
be the second.  If you didn't send a Delete notification when you deleted
your Phase 1 SA, it's understandable that the other side would do what
you're seeing because implementation of #2 above seems to be fairly inconsistent.

Tylor Allison wrote:
> 
> This may be a dumb question, but what exactly is meant by saying
> "I support PFS"?  I ran into a few problems when trying to rekey with a
> few vendors at the interop because my interpretation of PFS was different
> than theirs.
> 
> I believe my implementation is accomplishing PFS for both identities and
> keys by uniquely binding each Phase 1 SA with a single Phase 2 SA and
> performing a second DH exponentiation in the Quick Mode.  Therefore, when
> I need to start a rekey, I will create a new Phase 1 SA followed by a New
> Phase 2 SA.  The problems I experienced was when the remote peer attempted
> to start the rekey, and they would use the old Phase 1 SA to establish a
> new Quick mode.  I rejected this offer, since it attempted to use the old
> SA... and the rekeying seemed to suffer.
> 
> Back to my question then, what is everyone else doing to support PFS?  Are
> you supporting PFS for key material only?  Or are you supporting PFS for
> key material and identities?  Has anyone else experienced any rekey
> problems associated with interoperating with a vendor who has implemented
> a PFS mode different from what you have implemented?
> 
> Thanks in advance.
> 
> Tylor
> 
> ---
> Tylor Allison         tylor_allison@securecomputing.com        (651) 628-1554
> Secure Computing Corporation

-- 

Will Price, Architect/Sr. Mgr., PGP Client Products
Total Network Security Division
Network Associates, Inc.

Follow-Ups:

Re: pfs support

From: "Scott G. Kelly" <skelly@redcreek.com>

References:

pfs support

From: Tylor Allison <allison@securecomputing.com>

Prev by Date: pfs support
Next by Date: Re: pfs support
Prev by thread: pfs support
Next by thread: Re: pfs support
Index(es):
- Main
- Thread