RE: SOI QUESTION: 3.1 DoS protection
Andrew Krywaniuk writes:
> > 3.1 DoS protection
> >
> > 3.1.A) WRT DOS attacks that exhaust memory or CPU resources, is it more
> > important to always keep the message count at 4, or is it acceptable to add
> > an additional roundtrip of messages when the responder thinks he's under
> > attack?
>
> The additional round-trip approach is better. Since we don't expect to be
> under DoS attack most of the time, the average message count will still be
> 4. When under attack, we should expect severe performance degradation
> anyway. The noise to signal ratio will be so high that it won't make a
> difference if there are 6 messages or 4.
The fact that JFK only requires 4 round trips
ever is certainly an advantage because you
don't need to figure out when you're under
attack (you always are :-), and it simplifies
the state machine.
The real question is what advantage the IKEv2
4/6 message exchange confers. As far as I
remember -- correct me if I'm wrong -- the
advantage was only that cipher suite
negotiation was deferred until after you have a
key. This is different than the ukase stance
of JFK. However, if you're willing to reveal
the cipher transforms in the clear (like JFK),
you can still have a 4 message exchange with
JFK-like DOS resistance. See below.
> The JFK draft makes the argument that ukases are preferable to negotiation
> of parameters. I disagree, in the sense that the ukases must be handled by a
> meta-negotiator. There is no negotiation within the JFK exchange, but there
> is negotiation within the meta-exchange.
One of my suggestions to the JFK authors was to
relax the no-negotiation stance and adopt
an offer/answer model. That is, with JFK Bob
states which unilateral decision it has made
and Alice either lives with that decision, or
gives up. With an offer/answer mechanism Alice
would enumerate a list of transforms it's willing
to do, and Bob chooses one.
The advantage here is that offer/answer greatly
mitigates the need for the meta-negotiator. This is
obviously not much different than IKE's QM, of
course, but I think the biggest mistake in
IKE's current scheme is trying to negotiate each
individual transform rather than aggregating them
into a single offer. In reality, there's only a
few interesting transform combinations (e.g.
AES-128-CBC-SHA1) so I think any worries of
combinatorial explosion are overblown. To my
mind, this strikes a more sensible balance
(didn't Dan et al. do this in ikev2?).
Voice has an almost identical set of issues
with codec agreement. H.245 is the moral
equivalent of IKE QM conjugates, and SDP is
the moral equivalent of JFK ukases. In the
end, both got it wrong. SDP+offer/answer is
the middle and eminently more reasonable path,
IMO.
Mike
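The offer/answer model argued for above, as an added example that is not part of the original message: it contrasts aggregated suite selection with independent per-transform selection. The suite names, the two peers' policies and the split of a suite into (cipher, integrity) are constructed assumptions for illustration.

```python
# Added example, not from the original message: aggregated offer/answer
# versus per-transform negotiation. Suite naming, peer policies and the
# (cipher, integrity) split are constructed assumptions.

def split_suite(suite):
    """Constructed naming: 'AES-128-CBC-SHA1' -> ('AES-128-CBC', 'SHA1')."""
    cipher, _, integrity = suite.rpartition("-")
    return cipher, integrity

def offer_answer(offer, responder_policy):
    """Offer/answer on aggregated suites: the initiator sends its whole
    ordered list and the responder returns the first entry it also
    supports. None means no overlap, and the initiator gives up."""
    for suite in offer:
        if suite in responder_policy:
            return suite
    return None

def per_transform(offer, responder_policy):
    """Per-transform negotiation: cipher and integrity are chosen
    independently from the attributes seen in the offer, each by the
    responder's own preference order. Returns (suite, in_both_policies);
    the flag shows whether the combination is one both sides listed."""
    offered_ciphers = {split_suite(s)[0] for s in offer}
    offered_integ = {split_suite(s)[1] for s in offer}
    cipher = integ = None
    for s in responder_policy:  # responder's preference order
        c, i = split_suite(s)
        if cipher is None and c in offered_ciphers:
            cipher = c
        if integ is None and i in offered_integ:
            integ = i
    if cipher is None or integ is None:
        return None, False
    suite = f"{cipher}-{integ}"
    return suite, (suite in offer and suite in responder_policy)

# Constructed policies: each peer's aggregated suites, most preferred first.
ALICE = ["AES-128-CBC-SHA1", "3DES-CBC-SHA1"]
BOB = ["AES-128-CBC-MD5", "3DES-CBC-SHA1"]

if __name__ == "__main__":
    print("offer/answer :", offer_answer(ALICE, BOB))   # 3DES-CBC-SHA1
    print("per-transform:", per_transform(ALICE, BOB))  # ('AES-128-CBC-SHA1', False)
```

With per-transform selection Bob ends up on a combination his own aggregated policy never lists; with offer/answer the result is always an entry both sides enumerated, and the offer carries only as many entries as there are interesting combinations.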