[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ready for IETF Last Call draft-ietf-ipsec-dpd-01.txt

To: ghuang@cisco.com, ipsec@lists.tislabs.com
Subject: Re: Ready for IETF Last Call draft-ietf-ipsec-dpd-01.txt
From: "Andrew Krywaniuk" <askrywan@hotmail.com>
Date: Fri, 28 Feb 2003 16:09:28 -0500
Sender: owner-ipsec@lists.tislabs.com

I have some long-standing comments on the DPD draft, seeing as it is 
apparently being updated anyway.

The justification for why DPD scales better than heartbeats still bugs me. 
You quote this sensationalistic number of 50,000 IKE packets every  few 
seconds, which is meaningless (the same concentrator is no doubt forwarding 
tens of millions of packets during that same interval).

Still, the DPD draft does vastly reduce IKE bandwidth. But I don't see any 
mention of the tradeoff, which is response time. The schemes with periodic 
messages send most of those messages in order to ensure that an idle SA will 
work when needed. The DPD draft saves bandwidth by not probing an idle SA, 
but when a broken SA is discovered, the fault is corrected pre-emptively. 
That is the salient tradeoff in this case.

On another note, the sequence number scheme is similar to what I defined in 
draft-heartbeats, but I think you are misapplying it. In the case of 
heartbeats, I had a good justification for requiring that the sequence 
number increases by exactly 1 each time. The heartbeats were unidirectional, 
and there were certain subtle attacks that could only be prevented by strong 
binding the sequence number to time.

That situation doesn't exist here. The sequence number still prevents 
replay, but it doesn't have to be bound to time. Therefore, it would be 
permissible for the numbers to not be sequential (although they still ought 
to be monotonically increasing).

This could be relevant in the case where a DPD packet is lost. I believe 
there is no need to retransmit the R-U-THERE messages. Just begin a new 
exchange and increment the sequence number. But I don't think you can do 
this if the peer stores the sequence numbers and requires them to increase 
by 1 each time. Then you would have to follow the regular ISAKMP 
retransmission mechanism.

There is also the starting sequence number that you say MUST be generated 
randomly. That provides an additional unpredictable variable to thwart the 
attacker, which may be good practice but it's not literally a requirement. A 
bunch of the MUSTs in this section could be MAYs or SHOULDs.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.



_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus

Prev by Date: Re: the encrypted payload in IKEv2-05
Next by Date: Re: "Me Tarzan, You Jane" in IKEv2-05
Prev by thread: Re: Ready for IETF Last Call draft-ietf-ipsec-dpd-01.txt
Next by thread: Re: a proposal of address management for IKEv2
Index(es):
- Date
- Thread