[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [mobile-ip] Re: replacing IPsec's replay protection?

To: uri@bell-labs.com
Subject: Re: [mobile-ip] Re: replacing IPsec's replay protection?
From: Jari Arkko <jari.arkko@kolumbus.fi>
Date: Wed, 03 Apr 2002 17:31:07 +0300
Cc: Michael Thomas <mat@cisco.com>, ipsec@lists.tislabs.com, marcovici@lucent.com
References: <416B5AF360DED54088DAD3CA8BFBEA6E1DF1A4@TNEXVS02.tahoenetworks.com> <Roam.SIMC.2.0.6.1017750433.21815.nordmark@bebop.france> <15530.22026.752100.186019@thomasm-u1.cisco.com> <200204030446.XAA13831@nwmail.wh.lucent.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011014

Uri Blumenthal wrote:

> On Tuesday 02 April 2002 20:08, Michael Thomas wrote:
>  >
>  > If people want a "light weight" keying scheme for
>  > IPsec, it should either be pursued in IPsec WG, or
>  > through a BOF......As I've mentioned, there are some
>  > of our folks who have some interest in this, and
>  > their scheme doesn't require per node storage of
>  > anything but the key and something akin to the
>  > EngineBoots counter in SNMPv3. This would be a
>  > much better solution to this problem.
> 
> Actually, this is interesting - because indeed there are applications 
> and protocols that want to use IPsec for protection, but don't want
> to use IKE for key negotiation.

This is true, but from the point of view of Mobile IPv6, we didn't
really want to enter the discussion of key management protocols. (I'm
personally sure that Son-of-IKE will solve many of the problems IKE has,
though I haven't checked lately to verify this.)

Instead, what the Mobile IPv6 folks wanted to do was to use IPsec as-is
for certain tasks. One of these tasks was protection of BUs between the
MN and the CN. Now, our options in regards to this are as follows:

1. Require IPsec + IKE. No replay problem.
2. Require at least IPsec, but keep IKE as optional. Don't add
    any features for replay protection. Folks who don't use IKE
    will suffer from the replay vulnerability.
3. Require at least IPsec, optional IKE but add an application
    layer feature for replay protection to prevent replays if
    you happened to not have IKE. This was the DT-recommended
    approach.
4. Require at least IPSec and a TBD light weight key management
    scheme, perhaps optional IKE in some cases. No application
    layer features. Replay protection works perfectly for everyone.

Somehow I think that if we are targeting RFC in about a month or so
option #4 isn't going to give us that. However, this discussion has
caused me to rethink some of the reasons on why we recommended
option #3. Option #2 might also be quite reasonable, and would have
the added benefit that whatever the IETF keeps generating on the
key management front could easily be adopted whenever it becomes
available. KINK could be used in environments where it is available,
for instance, and Son-of-IKE when it gets ready. OTOH, the application
layer replay protection has* been in the mobile ipv6 drafts from the
stone age so I don't think that it's such a bad idea either.

Comments?

Jari
*) We have been discussing a modification of the replay protection
on the list, to require NV memory to be used or not.

Follow-Ups:
- Re: [mobile-ip] Re: replacing IPsec's replay protection?
  - From: Michael Thomas <mat@cisco.com>
- Re: [mobile-ip] Re: replacing IPsec's replay protection?
  - From: Uri Blumenthal <uri@bell-labs.com>

References:
- Re: [mobile-ip] Re: replacing IPsec's replay protection?
  - From: Uri Blumenthal <uri@bell-labs.com>

Prev by Date: Re: questions on draft-touch-ipsec-vpn
Next by Date: Re: [mobile-ip] Re: replacing IPsec's replay protection?
Prev by thread: Re: [mobile-ip] Re: replacing IPsec's replay protection?
Next by thread: Re: [mobile-ip] Re: replacing IPsec's replay protection?
Index(es):
- Date
- Thread