Re: ipsec error protocol

[Bill Sommerfeld <sommerfeld@East.Sun.COM>]

> >In the Detienne/Sommerfeld method, you notify and restart the negotiation
> at once (no IPSec<->IKE pingpong), almost immediately (no wasted packets, no
> timers), at a stage that is the most efficient in all the cases (phase 1
> first or directly with phase 2) and with a fraction (at worse 1/2) of the
> timers required in your method.
> 
> If I understand the proposal correctly it requires the sender of the message
> to remember some unique information known to each peer to get the
> 'invalid spi' notification authenticated. How can the sender remember
> this information across reboots?

The message contains a signed sequence number; the "birth cert" sender
need only keep a single sequence number, shared across all peers.

Replay detection is simple.  the "birth cert" receiver (SA sender)
needs to hang on to the "current" birth cert for the lifetime of the
sending side of the SA.  (i.e., the sending end of the SA can throw it
away when it throws away the SA state).

If it receives a newer birth cert than the old one, it knows that the
peer has rebooted and its SA state is stale.

If it receives an older birth cert in an error message, it can
trivially ignore it.

There are other tricks you can use to engineer DoS resistance.  (i.e.,
rate limit how often you'll attempt to validate a signature, skip the
validation if you've recently received authentic traffic from the
peer, etc., etc.)

					- Bill

---

Follow-Ups:

• RE: ipsec error protocol
• From: "sankar ramamoorthi" <sankar@nexsi.com>

References:

• RE: ipsec error protocol
• From: "sankar ramamoorthi" <sankar@nexsi.com>

---

• Prev by Date: RE: ipsec error protocol
• Next by Date: RE: ipsec error protocol
• Prev by thread: RE: ipsec error protocol
• Next by thread: RE: ipsec error protocol
• Index(es):
  • Main
  • Thread