
Re: [Ipsec] new internet draft - draft-touch-anonsec

Bora Akyol wrote:

> Joe
> 
> What is the difference between AnonIKE and having the same
> pre-shared key (as in preshared_key ="anonIKE") in all of the points of
> interest?

That's something we're looking into. As far as I can tell right now, using 
unauthenticated certificates (i.e., where the CA isn't checked) is 
equivalent to a longer nonce. There may be some value to using a longer 
nonce - I don't know enough about the Diffie-Hellman exchange to 
determine that. Otherwise, though, they should be equivalent.

> I think this would get you the same effect. I also fail to see what is 
> so scary about adding the ACK response to RST to TCP as described in
> tcpm draft that came out. Your argument in the draft does not 
> actually show a fundamental problem with this approach.

The draft is not intended to go into that level of detail, but to refer 
to discussions on the TCPM mailing list which will hopefully go into an 
update of the RST-modification draft.

One concern is a RST ACK storm. A RST is intended to be a unilateral 
connection abort; replying to that sort of thing, depending on the state 
of the source, can cause oscillation.

> Finally, as is widely discussed, IKEv1 is not the most robust protocol
> as far as responsiveness to DOS attacks. By requiring these nodes to do
> IKE, I think we would be opening ourselves up for more problems.
> 
> Regards,
> 
> Bora

I don't appreciate enough of the details between IKEv1 and IKEv2 to 
understand whether that would solve the problem.

I would presume that IKE would be rate-limited, i.e., the same way SYN 
processing is for TCP, to protect new association requests from 
assaulting existing associations. Is that the issue with DOS for IKEv1, 
or is there something more specific?

Joe
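The "RST ACK storm" concern in the message above, and the rate limiting Joe suggests for SYN and IKE processing, can be illustrated with a small model. This is an added example, not code from the thread or from any IETF draft: it assumes a deliberately simplified two-state endpoint (CLOSED or ESTABLISHED) in which a CLOSED socket answers any non-RST segment with a RST (the RFC 793 rule), and an ESTABLISHED socket either aborts on RST (classic behaviour) or answers it with an ACK (the modified behaviour the thread discusses). The per-endpoint cap on such ACKs, `challenge_ack_limit`, is a hypothetical knob used here only to show how rate limiting breaks the oscillation.

```python
"""Toy model of a RST/ACK oscillation between two TCP endpoints.

Scenario (constructed): endpoint A still believes a connection is
ESTABLISHED, endpoint B has lost all state (CLOSED), e.g. after a reboot.
A sends an ordinary ACK; B answers with a RST because it has no socket.
If A's RST handling is "reply with an ACK" instead of "abort", B's next
RST provokes another ACK, and so on: the two sides oscillate until one
of them stops replying.
"""
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset  # subset of {"RST", "ACK"}


@dataclass
class Endpoint:
    name: str
    state: str                      # "CLOSED" or "ESTABLISHED"
    rst_handling: str = "abort"     # "abort" (classic) or "challenge" (reply with ACK)
    challenge_ack_limit: Optional[int] = None  # hypothetical cap on reply ACKs
    challenge_acks_sent: int = 0

    def handle(self, seg: Segment) -> Optional[Segment]:
        """Process one incoming segment; return the reply or None for silence."""
        if self.state == "CLOSED":
            # RFC 793: a RST arriving at a closed socket is silently dropped;
            # anything else is answered with a RST.
            if "RST" in seg.flags:
                return None
            return Segment(self.name, seg.src, frozenset({"RST"}))

        # ESTABLISHED
        if "RST" in seg.flags:
            if self.rst_handling == "abort":
                self.state = "CLOSED"   # unilateral abort: say nothing back
                return None
            # modified handling: answer the RST with an ACK, optionally rate limited
            if (self.challenge_ack_limit is not None
                    and self.challenge_acks_sent >= self.challenge_ack_limit):
                return None
            self.challenge_acks_sent += 1
            return Segment(self.name, seg.src, frozenset({"ACK"}))
        return None  # a plain ACK on a live connection needs no reply


def simulate(a: Endpoint, b: Endpoint, first: Segment, max_steps: int = 1000) -> int:
    """Deliver `first`, then every reply it triggers, until silence or max_steps.
    Returns the number of segments delivered (max_steps means 'did not converge')."""
    endpoints = {a.name: a, b.name: b}
    queue = deque([first])
    delivered = 0
    while queue and delivered < max_steps:
        seg = queue.popleft()
        delivered += 1
        reply = endpoints[seg.dst].handle(seg)
        if reply is not None:
            queue.append(reply)
    return delivered


def _stale_ack() -> Segment:
    # Constructed trigger: A's ordinary ACK reaching a peer that has no socket.
    return Segment("A", "B", frozenset({"ACK"}))


def classic_abort() -> int:
    """Classic RST handling: B's RST aborts A, exchange ends after 2 segments."""
    return simulate(Endpoint("A", "ESTABLISHED", "abort"),
                    Endpoint("B", "CLOSED"), _stale_ack())


def storm_without_limit() -> int:
    """Reply-with-ACK handling and no cap: the exchange never converges."""
    return simulate(Endpoint("A", "ESTABLISHED", "challenge"),
                    Endpoint("B", "CLOSED"), _stale_ack())


def storm_with_limit(limit: int = 5) -> int:
    """Reply-with-ACK handling capped at `limit` ACKs: the loop terminates."""
    return simulate(Endpoint("A", "ESTABLISHED", "challenge", challenge_ack_limit=limit),
                    Endpoint("B", "CLOSED"), _stale_ack())


if __name__ == "__main__":
    print("classic abort:        ", classic_abort(), "segments")
    print("challenge, no limit:  ", storm_without_limit(), "segments (hit cap)")
    print("challenge, limit 5:   ", storm_with_limit(), "segments")
```

With the cap set to five, the exchange is the initial ACK, then five RST/ACK round trips, then a final RST that A ignores: twelve segments in all. Without the cap the simulator only stops because of `max_steps`, which is the oscillation Joe describes; with classic abort semantics it stops after two segments. The model says nothing about sequence-number checks, which a real implementation would also apply before deciding whether a RST is acceptable.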
