question about PFS SA duration

Eric Scoredos <rio@cup.hp.com> Wed, 18 March 1998 00:15 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id TAA21261 for ipsec-outgoing; Tue, 17 Mar 1998 19:15:55 -0500 (EST)
From: Eric Scoredos <rio@cup.hp.com>
Message-Id: <199803180029.QAA29721@hpindlm.cup.hp.com>
Subject: question about PFS SA duration
To: ipsec@tis.com
Date: Tue, 17 Mar 1998 16:29:55 -0800
Cc: ipsec@hpindlm.cup.hp.com
X-Mailer: Elm [revision: 212.4]
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
I have a question about PFS that came up at the RTP Interop.  The IKE
drafts define the conditions for identity protection and non-derivability
of keying material necessary for PFS.  However, neither the Architecture
nor IKE drafts mention how the lifetime of the PFS SA is controlled so
that multiple, unrelated messages are not sent using the same QM PFS SA.

In the kernel, we can tell when to start a PFS session if there is no
pre-existing SA for the appropriate selectors; however, it is not clear
how we terminate this SA and prevent its re-use by another message
using similar selectors after the original session has terminated.

The SKIP documents talk about establishing a specific timeout for the
PFS key and establishing new keys if more data needs to be sent.
A pre-established timeout seems fairly non-specific and I wonder if
there are other architectural methods for establishing the duration
of the PFS SA.

In any case, I think the IPSEC drafts should offer direction here.

Thanks for your help (and sorry if I missed the previous resolution
of this issue).

Salute, erik
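The lifetime controls the post is asking about, as an added example that is not from the mailing-list post nor from any IKE or IPsec implementation: a toy SAD keyed on traffic selectors that triggers a stubbed quick-mode exchange when no SA exists for the selectors, and retires a PFS SA on a hard time limit, a byte limit, or an explicit notice that the flow has ended, so that a later, unrelated message with the same selectors gets fresh keying material rather than reusing the old SA. The selector fields, the lifetime values, the `negotiate` callback and the fake clock are assumptions chosen for illustration.

```python
"""Toy SAD/SPD model for the lifetime of a quick-mode SA set up with PFS.

Added example; not code from the post or from any IPsec stack.  Selector
fields, lifetimes and the IKE stub are assumptions for illustration.
"""
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    """5-tuple selector the kernel matches packets against (assumed layout)."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


@dataclass
class SA:
    spi: int
    selector: Selector
    pfs: bool
    created: float
    hard_life_sec: float      # lifetime in seconds (assumed value)
    hard_life_bytes: int      # lifetime in bytes (assumed value)
    bytes_used: int = 0
    flow_closed: bool = False  # set when the session that created the SA ends

    def expired(self, now: float) -> bool:
        # Any one of the three conditions retires the SA; the flow-closed
        # signal is the per-session control the post says the drafts leave open.
        return (now - self.created >= self.hard_life_sec
                or self.bytes_used >= self.hard_life_bytes
                or self.flow_closed)


class SAD:
    """Security association database keyed on selectors."""

    def __init__(self, negotiate, clock=time.monotonic):
        self._sas = {}
        self._negotiate = negotiate  # stub for a QM (PFS) exchange, assumed API
        self._clock = clock
        self.negotiations = 0

    def lookup(self, sel: Selector, now: float):
        sa = self._sas.get(sel)
        if sa is None:
            return None
        if sa.expired(now):
            del self._sas[sel]  # retired SA must not be reused
            return None
        return sa

    def send(self, sel: Selector, nbytes: int) -> int:
        """Return the SPI used for a packet; negotiate a new SA when needed."""
        now = self._clock()
        sa = self.lookup(sel, now)
        if sa is None:
            sa = self._negotiate(sel, now)
            self.negotiations += 1
            self._sas[sel] = sa
        sa.bytes_used += nbytes  # byte limit is checked on the next lookup
        return sa.spi

    def flow_closed(self, sel: Selector) -> None:
        """Explicit end-of-session notice (e.g. a TCP close) for a PFS SA."""
        sa = self._sas.get(sel)
        if sa is not None and sa.pfs:
            sa.flow_closed = True


def make_negotiate():
    """Stub IKE: hands out increasing SPIs instead of running a DH exchange."""
    counter = [0x1000]

    def negotiate(sel: Selector, now: float) -> SA:
        counter[0] += 1
        return SA(spi=counter[0], selector=sel, pfs=True, created=now,
                  hard_life_sec=60.0, hard_life_bytes=1_000_000)
    return negotiate


class FakeClock:
    """Deterministic clock so the demo is reproducible."""
    def __init__(self):
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def demo():
    clock = FakeClock()
    sad = SAD(make_negotiate(), clock=clock)
    sel = Selector("10.0.0.1", "10.0.0.2", 6, 40000, 443)  # constructed flow
    spis = []
    spis.append(sad.send(sel, 1500))   # no SA yet: QM with PFS runs
    spis.append(sad.send(sel, 1500))   # same session: SA reused
    sad.flow_closed(sel)               # session ends
    spis.append(sad.send(sel, 1500))   # unrelated message, same selectors: new SA
    clock.advance(61)
    spis.append(sad.send(sel, 1500))   # hard time lifetime passed: new SA
    sad.send(sel, 999_000)             # pushes the SA past its byte lifetime
    spis.append(sad.send(sel, 1500))   # byte lifetime exceeded: new SA
    return spis, sad.negotiations


if __name__ == "__main__":
    print(demo())
```

The time and byte limits are the pre-established timeouts the post compares with the SKIP approach; the `flow_closed` notice is the extra signal a kernel would need from the transport or application layer to bound the SA to one session. Without it, the second "unrelated" message in `demo()` would ride on the first SA until a timeout fired.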