RE: draft-ietf-ipsec-ikev2-01.txt
A few comments:

ADDRESS-NOTIFICATION 26
Don't understand.
huh?

Repeated re-keying using Phase 2 without PFS can consume the entropy
of the Diffie-Hellman shared secret. Implementers should take note of
this fact and set a limit on Phase 2 Exchanges between
exponentiations. This memo does not prescribe such a limit.

I always hated this text from IKEv1. What does it mean to "consume the
entropy" of a secret anyway?

How about: "Repeated re-keying using Phase 2 without PFS will increase the
amount of data that will be exposed if the Diffie-Hellman key is ever
compromised. Rekeying without PFS could also aid an attacker in
cryptanalysing encrypted ESP data if a weakness in the PRF algorithm is ever
discovered."

- All previous proposals (IKEv1, IKEv2, JFK, and SIGMA) were
vulnerable to an active attacker answering Alice's message with bogus
information. Alice cannot distinguish a legitimate message 2 from a
bogus message 2. In this draft we explain how Alice can protect
herself from this attack, which is to be willing to continue
negotiation with every reply she receives. Only the legitimate Bob
will be able to send an acceptable message 4, so the multiple SA's-
in-progress will only last until the SA is set up.

Solving this sort of DoS attack in which the adversary is either (a) on the
same LAN as the responder or (b) located along the data path should be a
non-goal. These sorts of adversaries can generally do all sorts of nasty
things like (a) arping for you or (b) simply removing your packets from the
wire. The danger here is that one SA request by Alice can result in 1000
replies by Bob (and 1000 DHs that Alice has to compute). The best response
to this sort of attack is simply to give up on the negotiation and retry
after some comfort period.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Dan Harkins
> Sent: Wednesday, February 27, 2002 4:28 PM
> To: ipsec@lists.tislabs.com
> Subject: draft-ietf-ipsec-ikev2-01.txt
>
>
> An updated IKEv2 draft has been submitted to the I-D editor. Due to
> the last second rush it might be a while before it appears in the
> repository. So in the interest of giving everyone a few more days to
> read and comment I've posted it at:
>
> http://www.lounge.org/draft-ietf-ipsec-ikev2-01.txt
>
> Comments to the list, please.
>
> Enjoy!
>
> Dan.
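
The rekeying-without-PFS point raised in the reply above, as an added example that is not part of the original thread or the draft: it derives Quick Mode keys with the IKEv1 KEYMAT formula from RFC 2409 section 5.5 and counts how many SA keys can be recomputed from SKEYID_d plus recorded exchange fields. HMAC-SHA1 as the PRF, the random stand-ins for SKEYID_d and g(qm)^xy, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ESP = 3  # IPsec DOI protocol ID for ESP


def prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA1 stands in for the negotiated PRF (assumption).
    return hmac.new(key, data, hashlib.sha1).digest()


def keymat(skeyid_d, spi, ni, nr, qm_dh=b""):
    # RFC 2409 section 5.5:
    #   no PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
    #   PFS:    KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)
    return prf(skeyid_d, qm_dh + bytes([ESP]) + spi + ni + nr)


def run_rekeys(count: int, pfs: bool):
    """Return (SKEYID_d, recorded Quick Mode fields, real SA keys)."""
    skeyid_d = os.urandom(20)  # constructed stand-in for the Phase 1 secret
    recorded, sa_keys = [], []
    for _ in range(count):
        spi, ni, nr = os.urandom(4), os.urandom(16), os.urandom(16)
        # Constructed stand-in for g(qm)^xy; never sent on the wire and
        # erased by both peers once the SA is up.
        qm_dh = os.urandom(32) if pfs else b""
        sa_keys.append(keymat(skeyid_d, spi, ni, nr, qm_dh))
        recorded.append((spi, ni, nr))
    return skeyid_d, recorded, sa_keys


def exposed_sa_count(skeyid_d, recorded, sa_keys) -> int:
    """SA keys reproducible from SKEYID_d plus the recorded traffic alone."""
    return sum(
        hmac.compare_digest(keymat(skeyid_d, spi, ni, nr), key)
        for (spi, ni, nr), key in zip(recorded, sa_keys)
    )


if __name__ == "__main__":
    for pfs in (False, True):
        exposed = exposed_sa_count(*run_rekeys(10, pfs))
        print(f"PFS={pfs}: {exposed} of 10 SA keys exposed")
```

Without PFS every rekey is recoverable from the one Phase 1 secret, so the exposure grows with each Phase 2 exchange; with PFS each SA also depends on a fresh secret that the recorded traffic does not reveal.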