[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Phase 1 KB lifetime

To: Andrew Krywaniuk <akrywaniuk@TimeStep.com>
Subject: Re: Phase 1 KB lifetime
From: Dan Harkins <dharkins@network-alchemy.com>
Date: Wed, 19 Jan 2000 11:49:36 -0800
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Wed, 19 Jan 2000 14:24:03 EST." <319A1C5F94C8D11192DE00805FBBADDF0110A34C@exchange>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 19 Jan 2000 14:24:03 EST you wrote
> 
> Fine. As I said, our code has support for the responder lifetime notify. We
> send it and parse it. If the responder adjusts the lifetime, we honour it
> AND we send the delete. I'm not arguing with you on this point.

Bully for you. What your product does is not the issue here.

> I'm saying that if someone was paranoid enough to want to expire their SAs
> based on a kb lifetime, which is a possible weakness (even if some consider
> it too unlikely or too unworthy to protect against), then they should go
> ahead and delete their SAs regardless of whether there is an assigned magic
> number for kb lifetimes in the draft.
> 
> Should they send a responder lifetime notify regarding this constraint? 

I don't think you understand what the responder lifetime notify is used for.
When a lifetime has been reached you don't send the notify, you chain it
to your Quick Mode message during negotiation so both sides have a consistent
view of the world at SA establishment time. Whether a magic number exists
for kb lifetimes in phase 1 is unrelated to the use of responder notifies.

> On one hand, you are saying that an implementation should notify the peer of
> all of its lifetime constraints. On the other hand, you want to remove (or
> at least deprecate) the magic number associated with this lifetime
> constraint. 

I'm arguing _against_ ignoring messages from the peer and blithely assuming
that things are as you believe they are when they aren't (which you'd know
had you parsed the message). 

> If the user values strict security over strict standards compliance then
> they have no choice but to enforce the kb lifetime rule without sending a
> notify.
> 
> If you want to prevent implementations which enforce local kb lifetime rules
> from sending a notify then fine... just don't try to legislate policy.

Nobody's "legislating policy". And the enforcement of kb lifetime is not
related to the use of the responder lifetime. Please read the relevent
documents.

  Dan.

References:

RE: Phase 1 KB lifetime

From: Andrew Krywaniuk <akrywaniuk@TimeStep.com>

Prev by Date: Notify Invalid Spi/Cookie (was RE: Phase 1 KB lifetime)
Next by Date: Re: Notify Invalid Spi/Cookie (was RE: Phase 1 KB lifetime)
Prev by thread: RE: Phase 1 KB lifetime
Next by thread: Re: Phase 1 KB lifetime
Index(es):
- Main
- Thread