
Re: Simplifying IKE



Dan Harkins wrote:
> 
>   Why is one mandated processing of packets a solution and another a
> "work around"? If the "work around" solves the problem in one less
> message then why isn't that preferable? Wouldn't adding a timestamp to
> the exchange be a "kludge"? Or a "work around"?
> 
>   The only reason the Responder doesn't instantiate the SAs after sending
> the 2nd message today is because of concerns about a resource consumption
> attack. I feel those concerns are small due to the small time in which
> the bogus SAs would be in the SADB, the inability of an attacker to use
> them (due to the inability of a 3rd party to know SKEYID state), and the
> small (and quantifiable) number of messages that can possibly be exchanged.
> Instantiate them and delete them if the 3rd message is never received!
> 
>   So we have very few messages which can be replayed and a well-defined
> method of dealing with the cases in which they are replayed. Why is that
> not satisfactory? What is the problem with this that is solved by adding
> a 4th message?
> 
>   Dan.

It would seem that both of these methods work, and I'd be relatively happy
with either one of them. I would prefer 4 messages, because it feels cleaner.

How about doing it this way: there are people on this list who verify
protocols using formal methods and one main gripe we have is that IKE has
been too hard to fully verify.. So.. Those people decide which alternative
is easier to formally verify and we pick that one.

Ari

-- 
Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com 

F(ully)-Secure products: Integrated Solutions for Enterprise Security

