
RE: Just Fast Keying (JFK) draft



Sara,
For IPsec to be more widely used some changes to IKE are probably justified.
Perhaps we can resolve this by picking out the best parts of the current
proposals, considering:
 - JFK re-keying algorithm
 - advantage or not of SIGMA 2-way vs 3-way handshake
 - review JFK vs IKEv2 proposals for SA policy management and distribution

Roy

-----Original Message-----
From: Sara Bitan [mailto:sarab@cs.Technion.AC.IL]
Sent: Thursday, November 29, 2001 10:42 AM
To: sami.vaarala; David Wagner
Cc: 'Steven M. Bellovin'; alexey.vyskubov@nokia.com;
ipsec@lists.tislabs.com; Hallam-Baker, Phillip
Subject: Re: Just Fast Keying (JFK) draft


Sami!
I agree with you. We have to compare two fully specified protocols to find
out if one of them is _significantly_ simpler than the other.

David!
You said that "IKE has always scared me with its complexity, so I am warmly
supportive of simplification efforts in this area." Did you look at IKEv2,
or at IKE-SIGMA?
Both drafts suggest major changes to IKEv1, and I think they are both
considerably less complex. What do you think?

As a person who invested a lot in IKE implementation and interoperability
till we brought IKEv1 to its maturity,  I think we should make sure that a
totally new key management protocol will be either
_significantly_ more secure, or
_significantly_ simpler, or
answers requirements that are not answered by the two proposals to a new
version of IKE.

Before we launch this new adventure of inventing, implementing and bringing
a new key management to its maturity (it took us five years last time we did
it - yes I know you'll say that IKEv1 is complex;-) ) we must have very good
reasons to do it, and I don't think we have them.

 Sara.



----- Original Message -----
From: sami.vaarala <sva@netseal.com>
To: Hallam-Baker, Phillip <pbaker@verisign.com>
Cc: 'Steven M. Bellovin' <smb@research.att.com>;
<alexey.vyskubov@nokia.com>; <ipsec@lists.tislabs.com>
Sent: Wednesday, November 28, 2001 7:21 PM
Subject: RE: Just Fast Keying (JFK) draft


>
> On Wed, 28 Nov 2001, Hallam-Baker, Phillip wrote:
>  > I am somewhat disappointed that there appears to have been almost no
>  > substantive discussion of JFK on the list. This may indicate that the
>  > protocol is secure, or it may indicate that nobody has been bothered to
>  > read it - which given the effort put into previous flames over the
>  > subject of keying would be somewhat disappointing.
>
> I read the draft, and found it very promising.  However, it is difficult
> to compare IKEv1/IKEv2 to JFK at this point, because JFK has not been
> specified in full detail yet.  (I'm referring to implementation
> complexity, a security comparison should be possible.)
>
> To compare fairly, a wire format and a definition of the JFK "sa"
> payload would be needed.  In IKEv2, the SA payload and the traffic
> selectors are a major cause of complexity, and thus have to be taken
> into account when comparing the two proposals.
>
> -Sami
>