[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crypto algorithms for IKEv2
> > Come to think of it, I don't think we ever resolved the issue of what to
>do
> > when the initiator of a CREATE_CHILD_SA exchange doesn't propose PFS but
>the
> > responder requires it. This could be accomplished with a
> > NOTIFY_PFS_REQUIRED_ALWAYS or NOTIFY_PFS_REQUIRED_NEXT_SA message.
> >
>My reading of the current specification is that if the initiator doesn't
>propose PFS but the responder requires it, the proposal will be rejected
>with a NO_PROPOSAL_CHOSEN notification, just as would any other time there
>is no overlap between what the initiator proposes and what the responder is
>prepared to accept.
I guess the danger I was thinking of is that some people have been talking
about PFS as a run-time parameter rather than a configuration parameter.
I.e. you have a PFS interval for the original phase 1 key. Once that
interval has elapsed, you delete SKEYSEED_D and require PFS for every
subsequent CREATE_CHILD_SA (possibly reusing the exponent).
The trouble is that when you receive a NO_PROPOSAL_CHOSEN message, this
normally represents a configuration error (where the administrator has to
check that both sides are using the same ciphersuites). Now we have a case
where the NO_PROPOSAL_CHOSEN message could also occur for an already
functioning SA.
As I pointed out earlier, the UI suites in
draft-hoffman-ipsec-algorithms-00.txt make no mention of PFS. So my guess is
that half the implementations will have it on by default and half will have
it off by default. This means that we either need a PFS on/off checkbox in
the GUI (which defeats the purpose of a single configuration knob via UI
suites) or we have to implement a routine to retry with PFS any time you
receive a NO_PROPOSAL_CHOSEN message.
I suspect that most people will choose the former. (God forbid that anyone
actually attempts the strategy where you rekey without PFS for the first N
minutes and then with PFS for the remainder of the SA lifetime.)
Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963