[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Security Gateways & NAT

To: "Hilarie Orman" <HORMAN@volera.com>
Subject: Re: IPSEC Security Gateways & NAT
From: Derek Atkins <warlord@mit.edu>
Date: 26 Jun 2001 09:59:33 -0400
Cc: <sommerfeld@East.Sun.COM>, <ipsec@lists.tislabs.com>
In-Reply-To: "Hilarie Orman"'s message of "Mon, 25 Jun 2001 18:37:10 -0600"
References: <sb3784dc.027@prv-mail20.provo.novell.com>
Sender: owner-ipsec@lists.tislabs.com

The "extra computation" is really not much more than creating the
cookie itself.  It doesn't have to be encrypted data; it can be a
keyed hash or some other verifiable system.  It's probably just as
much work as running a PRNG to generate a random NONCE for a cookie.
It is certainly much less work than having to keep track of N
message-1 messages sitting around and then seeing if you're under
attack by counting N.

You don't really need to keep track of resource usage; you _can_
choose do so.  However, no, this does not require the same amount
of state as recording all your message-1 state for each initiator.
What's easier, keeping a counter or keeping all the cookie state
from all the initiators?

-derek

PS: I have no objection to an optional stateless cookie round-trip.

"Hilarie Orman" <HORMAN@volera.com> writes:

> The statelessness seems to exist only in non-stressed circumstances.  
> If there really is a resource shortage, such as would occur in a denial 
> of service attack, then one needs to start keeping track of resource 
> usage, and that means keeping state around, doesn't it?  The stateless
> cryptographic cookie seems to have the disadvantage of requiring
> extra computation even in the non-attack situation, whereas, the
> stateful approach requires no extra work until an attack is underway.
> 
> Hilarie
> 
> >>> Bill Sommerfeld <sommerfeld@East.Sun.COM> 06/25/01 11:19AM >>>
> > Is anyone still interested in Base Mode? It would be possible to create
> > a Base Mode where reception of the first message is stateless to the Responder,
> > by sending the state back in msg2 encrypted with some locally known symmetric
> > key, and verified upon reception in msg3. This modified Base Mode
> > could then be used to replace Aggressive Mode. The rationale for changing
> > Base Mode would be that nobody's yet really using it (?), and that it's cool :).
> > There's a paper by Pekka Nikander explaining the theory of making protocols
> > stateless, forget where that is though.
> 
> I'd be very interested in seeing a mode which is initially stateless
> for the responder; it's a key bit of technology from photuris which
> was never carried forward to IKE.
> 
> 					- Bill

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

References:

Re: IPSEC Security Gateways & NAT

From: "Hilarie Orman" <HORMAN@volera.com>

Prev by Date: I-D ACTION:draft-shacham-ippcp-rfc2393bis-07.txt
Next by Date: AES Key Integrity
Prev by thread: Re: IPSEC Security Gateways & NAT
Next by thread: Re: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread