RE: Out of Sync Security Policies - Design Flaw
On 9 Nov 00, at 14:55, Andrew Krywaniuk wrote:
> > Andrew,
> >
> > if you were right, then what is the purpose of multiple SA
> > proposals in IKE?
> > One proposal would be enough.
>
> Three possible interpretations:
>
> 1. The discovered policy could be ambiguous. You need to choose between one
> of several possibilities.
I see no reason for ambiguity if policies are known in advance to both
sides.
> 2. The sets of transforms that are likely to work are "preshared" in that it
> is generally well known which algorithms are likely to work. (e.g. if you're
> using anything other than 3DES or AES with MD5 or SHA-1 with commonly used
> block sizes and # of rounds and mode of operation and hash output length
> then you are unlikely to work with some random host on the net).
>
> As the combinatorics majors know, if two people each randomly draw 3
> coloured balls from a sock containing 6 different colours of balls then
> there's a good chance that they will have at least one ball colour in
> common.
Again, there is no need for such a negotiation if policies are known
in advance.
> 3. This is an example of a case where people are using IKE to perform policy
> discovery instead of policy enforcement.
Because IKE explicitly allows it.
> On the other hand, one thing has been proven multiple times now: Don't
> assume that there's a good reason for doing something just because it's in
> the spec.
Regards,
Valery.
> Andrew
> --------------------------------------
> Beauty without truth is insubstantial.
> Truth without beauty is unbearable.
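The two mechanisms argued about above, as an added illustration that is not part of the thread: a responder picking the first acceptable proposal from an initiator's ordered list (policy discovery), and the exact probability behind the "3 balls out of 6 colours" claim. The suite names are constructed placeholders, not any real IKE policy.

```python
from itertools import combinations
from math import comb

# Constructed, illustrative transform suites (not taken from any real policy).
SUITES = ["3des-md5", "3des-sha1", "aes-md5", "aes-sha1", "des-md5", "rc5-sha1"]


def select_proposal(offered, acceptable):
    """Responder-side choice in an IKE-style negotiation: return the first
    proposal, in the initiator's preference order, that the responder's
    policy accepts, or None when the two policies do not overlap at all."""
    for suite in offered:
        if suite in acceptable:
            return suite
    return None


def overlap_probability(total, draw):
    """Exact probability that two independent random draws of `draw` distinct
    items from `total` share at least one item.
    P(no overlap) = C(total - draw, draw) / C(total, draw), so the
    complement is the chance the peers can agree on something."""
    return 1 - comb(total - draw, draw) / comb(total, draw)


def overlap_probability_bruteforce(items, draw):
    """Enumerate every pair of `draw`-subsets of `items` and count the pairs
    that share at least one element; used to cross-check the formula."""
    subsets = list(combinations(items, draw))
    pairs = len(subsets) ** 2
    agreeing = sum(1 for a in subsets for b in subsets if set(a) & set(b))
    return agreeing / pairs


if __name__ == "__main__":
    # With policies known in advance a single proposal suffices; otherwise
    # the initiator offers several hoping one lands in the responder's set.
    initiator = ["aes-sha1", "aes-md5", "3des-sha1"]
    responder = {"3des-sha1", "3des-md5"}
    print("agreed suite:", select_proposal(initiator, responder))
    print("P(overlap), 3 of 6:", overlap_probability(6, 3))
    print("brute force:", overlap_probability_bruteforce(SUITES, 3))
```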