
RE: IPSEC Security Gateways & NAT



The state payload could be used in any exchange, not just base mode. It is a
good general-purpose replacement for the functionality originally assigned
to cookies -- without some of the drawbacks as well.

Base mode was a good idea, but someone (Bill?) also suggested that an
equally viable solution was just to make identity protection an optional
feature of main mode. That's an interesting tradeoff: adding a bit of
complexity to main mode vs. the need to support multiple exchange types. I
personally prefer using a separate exchange in this case.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Ari Huttunen
> Sent: Monday, June 25, 2001 11:15 AM
> To: Dan Harkins
> Cc: jshukla; ipsec@lists.tislabs.com
> Subject: Re: IPSEC Security Gateways & NAT
>
>
>
>
> Dan Harkins wrote:
> >
> > On Tue, 19 Jun 2001 09:25:31 PDT you wrote
> > >
> > > Right! The point is that pre-shared keys based authentication
> > > can be made more robust against DoS attacks compared to
> > > the other three authentication methods. In their current form,
> > > all authentication methods are susceptible to DoS attacks.
> >
> > The DoS attack mounted against IKE is one that exploits the fact that
> > the responder creates state upon receipt of a single message from the
> > initiator. That will not be addressed by moving the authentication
> > step. It will be addressed by further complicating the protocol with
> > a new stateless "cookie request" option.
> >
> > Your suggestion to move the authentication step would further complicate
> > the protocol. The way it is now there is a uniform progression of state
> > for each of the authentication methods. As someone who has implemented
> > this protocol I can tell you it makes it much simpler to code that way.
> >
> > As has been pointed out repeatedly in this thread (and in the past) a
> > DoS attack that attempts to force the responder to do needless Diffie-Hellman
> > work would expose its IP address and the attack could be properly
> > addressed because of it.
> >
> > There are all sorts of changes that can be made to IKE but one that
> > would make the protocol much more complicated for such a small (perhaps
> > even non-existent) benefit is not something we should consider.
> >
> >   Dan.
>
> Is anyone still interested in Base Mode? It would be possible to create
> a Base Mode where reception of the first message is stateless to the Responder,
> by sending the state back in msg2 encrypted with some locally known symmetric
> key, and verified upon reception in msg3. This modified Base Mode
> could then be used to replace Aggressive Mode. The rationale for changing
> Base Mode would be that nobody's yet really using it (?), and that it's cool :).
> There's a paper by Pekka Nikander explaining the theory of making protocols
> stateless, forget where that is though.
>
> Of course, this all may not be worth the trouble.
>
> Ari
>
> --
> Ari Huttunen                   phone: +358 9 2520 0700
> Software Architect             fax  : +358 9 2520 5001
>
> F-Secure Corporation       http://www.F-Secure.com
>
> F(ully)-Secure products: Integrated Solutions for Enterprise Security
>
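The stateless first round trip Ari sketches above (responder stores nothing on msg1, ships its state back sealed under a locally known key in msg2, verifies the echoed blob in msg3) and the "state payload" Andrew refers to are the same mechanism. The following is an added example written for this archive page; it is not code from either poster or from any IKE implementation. The message layouts, field sizes, the HMAC-SHA256 keystream plus HMAC-SHA256 tag used to seal the state, the address binding and the 30-second lifetime are all assumptions of the example (a real deployment would use an AEAD); the addresses and proposal string are constructed test data. The point it demonstrates is the one Dan and Ari are arguing about: no session and no Diffie-Hellman work happens until a blob comes back intact from the address msg2 was sent to, so a flood of spoofed msg1s costs the responder nothing but a MAC per packet.

```python
"""Stateless first round trip for an IKE-style responder (added example, assumptions noted inline)."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16   # assumed nonce/cookie size
TAG_LEN = 32     # HMAC-SHA256 output


class StatelessResponder:
    def __init__(self, local_key: bytes, lifetime_s: int = 30):
        # Two sub-keys derived from one locally known secret (assumed construction).
        self.enc_key = hmac.new(local_key, b"state-enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(local_key, b"state-mac", hashlib.sha256).digest()
        self.lifetime_s = lifetime_s
        self.sessions = {}    # allocated only after a valid msg3
        self.seen_tags = {}   # tag -> expiry; blocks replay of a blob within its lifetime

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        # HMAC in counter mode as a stand-in for a real cipher (assumption).
        blocks = [hmac.new(self.enc_key, nonce + struct.pack(">I", c), hashlib.sha256).digest()
                  for c in range((n + 31) // 32)]
        return b"".join(blocks)[:n]

    @staticmethod
    def _xor(a: bytes, b: bytes) -> bytes:
        return bytes(x ^ y for x, y in zip(a, b))

    def _seal(self, assoc: bytes, plaintext: bytes) -> bytes:
        # Encrypt-then-MAC; the MAC also covers the initiator address (assoc).
        nonce = os.urandom(NONCE_LEN)
        ct = self._xor(plaintext, self._keystream(nonce, len(plaintext)))
        tag = hmac.new(self.mac_key, assoc + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def _open(self, assoc: bytes, blob: bytes):
        if len(blob) < NONCE_LEN + TAG_LEN:
            return None
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.mac_key, assoc + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return self._xor(ct, self._keystream(nonce, len(ct)))

    def handle_msg1(self, src_ip: str, sa_proposal: bytes, ni: bytes, now: int):
        """msg1 (I->R): SA, Ni.  Returns msg2 (R->I): Nr, STATE.  Stores nothing."""
        nr = os.urandom(NONCE_LEN)
        state = struct.pack(">Q", now) + ni + nr + sa_proposal
        return nr, self._seal(src_ip.encode(), state)

    def handle_msg3(self, src_ip: str, state_blob: bytes, ke_i: bytes, now: int):
        """msg3 (I->R): STATE, KEi.  Verify the blob first; only then allocate a session."""
        state = self._open(src_ip.encode(), state_blob)
        if state is None or len(state) < 8 + 2 * NONCE_LEN:
            return None   # forged, tampered, or not from the address msg2 went to
        issued = struct.unpack(">Q", state[:8])[0]
        if not issued <= now < issued + self.lifetime_s:
            return None   # stale blob
        tag = state_blob[-TAG_LEN:]
        self.seen_tags = {t: e for t, e in self.seen_tags.items() if e > now}
        if tag in self.seen_tags:
            return None   # replayed blob
        self.seen_tags[tag] = issued + self.lifetime_s
        ni, nr = state[8:8 + NONCE_LEN], state[8 + NONCE_LEN:8 + 2 * NONCE_LEN]
        session = {"peer": src_ip, "ni": ni, "nr": nr, "sa": state[8 + 2 * NONCE_LEN:], "ke_i": ke_i}
        # The expensive Diffie-Hellman step would happen here, after the blob verified.
        self.sessions[nr] = session
        return session


def honest_exchange(now: int = 1_000_000):
    """Constructed happy path; returns (sessions after msg1, session after msg3)."""
    r = StatelessResponder(os.urandom(32))
    ni, sa = os.urandom(NONCE_LEN), b"proposal:3DES-SHA1-group2"     # constructed
    _, blob = r.handle_msg1("192.0.2.10", sa, ni, now)
    after_msg1 = len(r.sessions)
    return after_msg1, r.handle_msg3("192.0.2.10", blob, b"KEi-placeholder", now + 1)


def attack_checks(now: int = 1_000_000):
    """Constructed adversarial cases; a correct responder yields 0 / False for each."""
    r = StatelessResponder(os.urandom(32))
    victim, attacker = "192.0.2.10", "203.0.113.5"
    for _ in range(1000):                      # spoofed-source msg1 flood
        r.handle_msg1(victim, b"x", os.urandom(NONCE_LEN), now)
    flood = len(r.sessions)
    _, blob = r.handle_msg1(victim, b"x", os.urandom(NONCE_LEN), now)
    wrong_addr = r.handle_msg3(attacker, blob, b"KEi", now) is not None
    forged = r.handle_msg3(attacker, os.urandom(len(blob)), b"KEi", now) is not None
    _, blob2 = r.handle_msg1(victim, b"x", os.urandom(NONCE_LEN), now)
    first_use = r.handle_msg3(victim, blob2, b"KEi", now) is not None
    replay = r.handle_msg3(victim, blob2, b"KEi", now + 1) is not None
    _, blob3 = r.handle_msg1(victim, b"x", os.urandom(NONCE_LEN), now)
    stale = r.handle_msg3(victim, blob3, b"KEi", now + r.lifetime_s) is not None
    return {"flood_sessions": flood, "wrong_address": wrong_addr, "forged": forged,
            "first_use": first_use, "replay": replay, "stale": stale}
```

Binding the MAC to the initiator's address is what gives the return-routability property Dan mentions: an attacker spoofing msg1 from someone else's address never sees msg2 and so cannot produce a blob that verifies from its own address, while the timestamp and seen-tag set stop a legitimately obtained blob from being replayed to inflate state. The responder's only per-msg1 cost is one HMAC and one reply packet, which is also the amplification budget a deployment would have to accept.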


