Re: revised IPsec processing model

[Stephen Kent <kent@bbn.com>]

At 14:45 -0700 8/11/03, Joe Touch wrote:
>Stephen Kent wrote:
>
>>Joe,
>>
>>I believe the bottom line here is that you view situations where 
>>dynamic routing will affect the choice of an SPD as common, whereas 
>>many of us view them as relatively rare.  We each have our own 
>>models of common vs. rare operation and there is probably no point 
>>inn debating further which is more common in what context and/or at 
>>what time (now vs. future).
>
>Steve,
>
>An IP security architecture ought to support IP, which includes 
>dynamic routing. Dynamic routing necessarily involves overlapping 
>traffic selectors; it is a disservice to assert this is a mere 
>'difference of opinions'.
>
>>As I revise the processing model to take into account the comments 
>>I have received, I will try to reword it to be as clear as possible 
>>about the security implications associated with different 
>>assumptions about routing tables and the extent to which they may 
>>change without secure intermediation, as the security implications 
>>of such changes.
>
>That is a good first step, but I remain concerned about whether this 
>realization/clarification warrants other, more significant changes.
>
>Joe

Joe,

I have had considerable experience developing IP layer security 
technology over the last 25 years.  The dynamic routing concerns you 
cite have rarely arisen in those systems, but then they also didn't 
tend to have the equivalent of multiple SPDs. More recently dynamic 
routing has become an issue for some systems of this sort, and the 
need to ensure the security of routing data that will be used in a 
way that might affect security is something that I have personally 
emphasized. One need not even have multiple SPDs or overlapping 
selectors for this to be a concern.

In revising the processing model I will try to accurately reflect these issues.

Steve