[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC Security Gateways & NAT
The "extra computation" is really not much more than creating the
cookie itself. It doesn't have to be encrypted data; it can be a
keyed hash or some other verifiable system. It's probably just as
much work as running a PRNG to generate a random NONCE for a cookie.
It is certainly much less work than having to keep track of N
message-1 messages sitting around and then seeing if you're under
attack by counting N.
You don't really need to keep track of resource usage; you _can_
choose do so. However, no, this does not require the same amount
of state as recording all your message-1 state for each initiator.
What's easier, keeping a counter or keeping all the cookie state
from all the initiators?
-derek
PS: I have no objection to an optional stateless cookie round-trip.
"Hilarie Orman" <HORMAN@volera.com> writes:
> The statelessness seems to exist only in non-stressed circumstances.
> If there really is a resource shortage, such as would occur in a denial
> of service attack, then one needs to start keeping track of resource
> usage, and that means keeping state around, doesn't it? The stateless
> cryptographic cookie seems to have the disadvantage of requiring
> extra computation even in the non-attack situation, whereas, the
> stateful approach requires no extra work until an attack is underway.
>
> Hilarie
>
> >>> Bill Sommerfeld <sommerfeld@East.Sun.COM> 06/25/01 11:19AM >>>
> > Is anyone still interested in Base Mode? It would be possible to create
> > a Base Mode where reception of the first message is stateless to the Responder,
> > by sending the state back in msg2 encrypted with some locally known symmetric
> > key, and verified upon reception in msg3. This modified Base Mode
> > could then be used to replace Aggressive Mode. The rationale for changing
> > Base Mode would be that nobody's yet really using it (?), and that it's cool :).
> > There's a paper by Pekka Nikander explaining the theory of making protocols
> > stateless, forget where that is though.
>
> I'd be very interested in seeing a mode which is initially stateless
> for the responder; it's a key bit of technology from photuris which
> was never carried forward to IKE.
>
> - Bill
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
References: