
RE: SOI QUESTIONS: 2.2 Perfect forward secrecy (PFS)



Hi,
IMO there is a mix of the issue of PFS and rekeying in the discussion.
1. Rekeying is needed if the amount of data encrypted with the same key goes
beyond specific values, because of some passive attacks against the
encrypted data (depending also on the encryption algorithm and its mode)
and the active attack of replaying by ESP after the sequence number counter
has started again.
2. The need for PFS by the process of rekeying is not based on protection
against these attacks under 1.
3. The property of PFS is an advantage in the case of unauthorized access to
secret information used to generate the communication keys. If this secret
information can be secured against unauthorized access then rekeying can be
done without the property of PFS. 
4. On the other hand there is always a need by IKE to protect secret
information against unauthorized access used for phase 1 authentication. If
the protection of this secret information in the system is sufficient, why
should the protection of other secret information there be insufficient?

My proposal is: Rekeying is necessary under specific circumstances, which
should be described. PFS is not needed if the secret information used to
generate different communication keys is protected against unauthorized
access in the same manner as the phase 1 authentication secret.

Greetings, Christina


> -----Original Message-----
> From: Jean-Jacques Puig [mailto:jean-jacques.puig@int-evry.fr]
> Sent: Thursday, June 20, 2002 12:18 AM
> To: ipsec@lists.tislabs.com
> Subject: Re: SOI QUESTIONS: 2.2 Perfect forward secrecy (PFS)
> 
> 
> Hi,
> 
> Paul Hoffman / VPNC <paul.hoffman@vpnc.org> wrote:
> 
> > In the typical VPN scenario (either gateway-to-gateway or 
> remote-access WAN):
> > 
> > - PFS is a real requirement for some but not all user scenarios
> 
>  I agree. PFS support is, IMO, a requirement for scenarios 
> involving gateways, especially in VPNs.
> But not everybody will need PFS, and we can expect (in some 
> scenarios) the SA lifetime to be big enough for their use and 
> no key derivation required.
> 
> 	Shouldn't PFS / Imperfect PFS / No PFS be negotiated in 
> the exchanges of IKEv2 ?
> 
> If not, I stand for PFS as a requirement.
> 
> --
> Jean-Jacques Puig
>