Re: IKE_SA SPI with a changed address
In your previous mail you wrote:
what would happen in IKEv2 if the Initiator and Responder change their
IP addresses after having established an IKE_SA?
=> nothing very good:
- NAT traversal includes an optional automatic peer address update
for all SAs for a peer which is detected to be behind a NAT.
- responses are required to be sent with source/destination address/port
reversed, so received requests will be correctly answered.
- without an explicit peer address update mechanism (there is a WG
agreement to study such a thing in the near future) the best is
just to rekey the IKE_SA.
Is it still possible to reference the SAD with the SPI (the IKE_SA SPI)
=> yes, this is the role of the SPI and any IKEv2 implementation
which uses addresses to look up an IKE_SA should be nuked.
found in the CREATE_CHILD_SA header in order to retrieve the parameters
to generate a new CHILD_SA?
=> an IKE_SA rekey will use the addresses IKE runs over so this should work.
BTW as the peer addresses are not protected in this case and some attacks
can be built using this security flaw, it is possible a future draft
will change this... For instance I interpret Jari and Tero's proposal
as keeping the peer addresses seen in the first message where they are
indirectly protected; note that the proposal includes an explicit update
mechanism too. Nothing is really decided, only my firm intention to
raise a concern if nothing is done about peer address protection
before the last call.
Thanks
Francis.Dupont@enst-bretagne.fr
PS: read draft-dupont-transient-pseudonat-01.txt for an example
of an attack based on the lack of protection, and RFC 3519 for
a defense against a similar problem in Mobile IP which was never
claimed to be a security protocol...
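The lookup rule the reply argues for (find the IKE_SA by its SPI pair, never by address; answer to the request's reversed source address/port; change stored peer state only through the optional NAT-T update) as an added Python sketch, not code from the post or from any IKEv2 implementation. The `IkeSa` record, the `peer_behind_nat` flag and the constructed SPIs/addresses are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (IP address, UDP port) as seen in the IP/UDP headers


@dataclass
class IkeSa:
    spi_i: int             # initiator SPI from the IKE header
    spi_r: int             # responder SPI from the IKE header
    peer_addr: Addr        # address we currently send requests to
    peer_behind_nat: bool  # assumed: learned from NAT detection at IKE_SA_INIT
    sk_d: bytes            # keying material a CREATE_CHILD_SA rekey derives from


class IkeSaTable:
    """IKE_SA database keyed purely on the SPI pair, never on addresses."""

    def __init__(self) -> None:
        self._by_spi: Dict[Tuple[int, int], IkeSa] = {}

    def add(self, sa: IkeSa) -> None:
        self._by_spi[(sa.spi_i, sa.spi_r)] = sa

    def lookup(self, spi_i: int, spi_r: int) -> Optional[IkeSa]:
        return self._by_spi.get((spi_i, spi_r))


def handle_request(table: IkeSaTable, spi_i: int, spi_r: int,
                   src: Addr) -> Optional[Tuple[IkeSa, Addr, bool]]:
    """Match an integrity-checked request (e.g. CREATE_CHILD_SA) to its IKE_SA
    by the SPIs in its header, even if it arrived from a new address.
    Returns (sa, reply_destination, stored_address_updated) or None."""
    sa = table.lookup(spi_i, spi_r)
    if sa is None:
        return None
    # The response always goes back with source/destination reversed,
    # i.e. to wherever this request came from; no stored state is needed.
    reply_dst = src
    updated = False
    # IP/UDP addresses are not covered by the IKE integrity check, so a
    # peer that is not behind a NAT keeps its stored address; only the
    # optional NAT-T peer address update is allowed to move it.
    if sa.peer_behind_nat and src != sa.peer_addr:
        sa.peer_addr = src
        updated = True
    return sa, reply_dst, updated
```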