
RE: SOI QUESTION: 3.1 DoS protection
Andrew Krywaniuk writes:
 > > 3.1 DoS protection
 > >
 > > 3.1.A) WRT DOS attacks that exhaust memory or CPU resources,
 > > is it more
 > > important to always keep the message count at 4, or is it
 > > acceptable to add
 > > an additional roundtrip of messages when the responder thinks
 > > he's under
 > > attack?
 > 
 > The additional round-trip approach is better. Since we don't expect to be
 > under DoS attack most of the time, the average message count will still be
 > 4. When under attack, we should expect severe performance degradation
 > anyway. The noise to signal ratio will be so high that it won't make a
 > difference if there are 6 messages or 4.

   The fact that JFK only requires 4 round trips
   ever is certainly an advantage because you
   don't need to figure out when you're under
   attack (you always are :-), and it simplifies
   the state machine. 

   The real question is what advantage the IKEv2
   4/6 message exchange confers. As far as I
   remember -- correct me if I'm wrong -- the
   advantage was only that cipher suite
   negotiation was deferred until after you have a
   key. This is different than the ukase stance
   of JFK. However, if you're willing to reveal
   the cipher transforms in the clear (like JFK),
   you can still have a 4 message exchange with
   JFK-like DOS resistance. See below.

 > The JFK draft makes the argument that ukases are preferable to negotiation
 > of parameters. I disagree, in the sense that the ukases must be handled by a
 > meta-negotiator. There is no negotiation within the JFK exchange, but there
 > is negotiation within the meta-exchange.

   One of my suggestions to the JFK authors was to
   relax the no-negotiation stance and adopt
   an offer/answer model. That is, with JFK Bob
   states which unilateral decision it has made
   and Alice either lives with that decision, or
   gives up. With an offer/answer mechanism Alice
   would enumerate a list of transforms it's willing
   to do, and Bob chooses one. 

   The advantage here is that offer/answer greatly
   mitigates the need for the meta-negotiator. This is
   obviously not much different than IKE's QM, of
   course, but I think the biggest mistake in
   IKE's current scheme is trying to negotiate each
   individual transform rather than aggregating them
   into a single offer. In reality, there are only a
   few interesting transform combinations (e.g.
   AES-128-CBC-SHA1), so I think any worries of
   combinatorial explosion are overblown. To my
   mind, this strikes a more sensible balance
   (didn't Dan et al do this in ikev2?).

   Voice has an almost identical set of issues
   with codec agreement. H.245 is the moral
   equivalent of IKE QM conjugates, and SDP is
   the moral equivalent of JFK ukases. In the
   end, both got it wrong. SDP+offer/answer is
   the middle and eminently more reasonable path,
   IMO.

		 Mike
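To make the three negotiation models Mike contrasts concrete (JFK-style ukase, IKE QM-style per-transform negotiation, and aggregated offer/answer), here is an added Python sketch that is not part of the thread or of any IKE/JFK implementation; the suite names and Bob's preference list are constructed sample values.

```python
"""Three ways for Alice and Bob to settle on a cipher suite: a JFK-style
ukase, IKE QM-style per-transform negotiation, and an aggregated
offer/answer.  All suite names below are constructed sample values."""
from itertools import product
from typing import Optional, Sequence

# Constructed sample transform menus (not taken from any specification).
ENCRYPTION = ["AES-128-CBC", "AES-256-CBC", "3DES-CBC"]
INTEGRITY = ["HMAC-SHA1", "HMAC-MD5"]
DH_GROUPS = ["MODP-1536", "MODP-1024"]

# Bob's configured policy: an ordered preference list of whole suites.
BOB_PREFERENCE = [
    "AES-256-CBC-HMAC-SHA1-MODP-1536",
    "AES-128-CBC-HMAC-SHA1-MODP-1536",
    "AES-128-CBC-HMAC-SHA1-MODP-1024",
]


def per_transform_combinations() -> int:
    """IKE QM style: each transform type is negotiated separately, so the
    proposal space Bob must reason about is the cartesian product."""
    return sum(1 for _ in product(ENCRYPTION, INTEGRITY, DH_GROUPS))


def negotiate_ukase(alice_acceptable: Sequence[str]) -> Optional[str]:
    """JFK style: Bob announces his single choice; Alice lives with it
    or gives up (None)."""
    bob_choice = BOB_PREFERENCE[0]
    return bob_choice if bob_choice in alice_acceptable else None


def negotiate_offer_answer(alice_offer: Sequence[str]) -> Optional[str]:
    """Offer/answer: Alice enumerates the aggregated suites she will do;
    Bob picks the highest entry of *his* preference list that she offered."""
    offered = set(alice_offer)
    for suite in BOB_PREFERENCE:
        if suite in offered:
            return suite
    return None  # no overlap: fail cleanly instead of guessing


if __name__ == "__main__":
    alice = ["AES-128-CBC-HMAC-SHA1-MODP-1536",
             "AES-128-CBC-HMAC-SHA1-MODP-1024"]
    print(per_transform_combinations())   # 12 combinations to consider
    print(negotiate_ukase(alice))         # None: Bob's ukase is not on Alice's list
    print(negotiate_offer_answer(alice))  # AES-128-CBC-HMAC-SHA1-MODP-1536
```

The last two calls show the point of the thread: with the same policies, the ukase fails outright while offer/answer still converges on Bob's best acceptable suite.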