
Re: WG Last Call draft-ietf-ipsec-dpd-01.txt



The draft has a number of non-ASCII characters.

There was once a good statement on the mailing list about why
keep-alives were important, but this draft doesn't have such a thing.
What important advantage accrues from keep-alives?  They allow state
to be removed more aggressively and efficiently than methods without
keep-alives?  Also, there is mention of a "mitigation" of the need for
timers, but one still needs them, it seems.

There should be some context about where the SPI and associated
parameters come from.  It's a little difficult to grok these things
exist until one gets to the message formats.  There's a statement
early on that there will be comparison between methods based on IPSec
SA's and IKE SA's, but the promise is not kept, as nearly as I can see.

There's a statement that "unencrypted" data must be rejected.  How does
one make a determination that the data has been encrypted?  From a security
viewpoint, it seems more important that a message authentication code be
validated than that encryption be applied.

There is no mention of what should be done if the peer doesn't
respond.  Is the RUTHERE sent again?  How fast, how many times before
making a deadness decision?  Suppose A decides B is dead, but B does
not agree.  A will start a new "session" and choose a new sequence
number.  B might continue using the previous "session".  If A refuses
to respond, B might eventually conclude that A is dead and start a new
session.  How do they resynchronize?

Suppose B decides to optimize by pre-computing its responses and sends them
prior to A's requests, using a timer.  Is there any harm?

There's an obscure covert channel introduced by this mechanism.  If A
sends IPSec traffic to B and E corrupts that traffic, B will consider
A unresponsive and send a keep-alive.  That lets E distinguish between
successful and unsuccessful corruption.

Security considerations should address how long a session can be used
with the sequence number scheme.  Would it be feasible, for example, to
have a one millisecond "worry interval"?

Hilarie