[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SCTP and IPsec issues
>>>>> "Angelos" == Angelos D Keromytis <angelos@cis.upenn.edu> writes:
Angelos> The alternative (setting up a number of SAs, for each of the
Angelos> valid destination addresses) does not work because of SA state
Angelos> issues (at least the replay counter has to be synchronized
Angelos> across all these SAs) and the obvious memory waste.
Angelos> Recommendation: the architecture document should state that SAs
Angelos> are identified by the extended triplet.
As an alternative, it would be nice if the architecture said that the
mapping of SPD->SA was an N:1 mapping, then no textual change would be
necessary to support this.
Angelos> 3) The SCTP source/destination port numbers should be included
Angelos> as SPD selectors.
Angelos> Recommendation: include this in the architecture
Angelos> document. No-brainer.
But, should the document be rev'ed each time a new protocol comes along
that has a new set of selectors?
Angelos> 4) The multiple source/destination addresses need to appear in
Angelos> the Phase 2 ID payloads in IKE. There are two ways of doing
Angelos> this:
Angelos> a) Allow multiple source/destination ID payloads in messages 1
Angelos> and 2 of IKE Quick Mode. b) Introduce a new type of ID, that
Angelos> allows for recursive inclusion of other IDs. Thus, Phase 2 would
Angelos> still only send one ID payload each for source/destination; each
I strongly favour (b).
This is needed for proper per-host keying support for ICMP.
It would also be nice if phase 2 SAs could be referenced in a consistent
way such that additional selectors could be *added* to an existing SA.
Angelos> Recommendation: do (b), as we think it is less intrusive for
Angelos> implementations than (a). However, recursion is limited to only
Angelos> one-deep (i.e., you can't have a recursive ID inside a recursive
Angelos> ID).
My preference is to define three "recursion" types: AND, OR and NOT.
Permit at most *three* levels of such logic.
Angelos> 5) The initiator of an IKE exchange may not know all the remote
Angelos> host's addresses (used for SCTP), and thus may not be able to
Angelos> propose an accurate Phase 2 destination ID. Solutions:
Angelos> a) The Responder may drop the Phase 2 exchange and start a Phase
Angelos> 2 exchange on its own (using the same Phase 1 SA), using
Angelos> information from the old exchange, providing the correct set of
Angelos> addresses. The advantage of this approach is that it requires no
Angelos> protocol changes (although implementations have to be able to
Angelos> deal with this initial rejection). b) The Responder could
Angelos> modify the Responder ID received in message 1 of Quick Mode, and
Angelos> send it back in message 2. The Initiator then needs to verify
Angelos> that this is according to policy (as opposed to doing a simple
Angelos> bytestring comparison, as is possible today). This requires no
Angelos> wire changes, but a small change in the processing at the
Angelos> Initiator. This is a potentially more powerful and lightweight
Angelos> approach (everything is still done in one exchange, and the
Angelos> Initiator does not have to deal with a Phase 2 exchange
Angelos> rejection).
This begins to sound like negotiation.
] Train travel features AC outlets with no take-off restrictions|gigabit is no[
] Michael Richardson, Solidum Systems Oh where, oh where has|problem with[
] mcr@solidum.com www.solidum.com the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
Follow-Ups:
References: