RE: AggressiveMode issue

Roy Pereira <rpereira@TimeStep.com> Mon, 27 April 1998 17:41 UTC

From: Roy Pereira <rpereira@TimeStep.com>
To: Tero Kivinen <kivinen@ssh.fi>
Cc: ipsec@tis.com
Subject: RE: AggressiveMode issue
Date: Mon, 27 Apr 1998 13:43:00 -0400

The problem with this approach is that an implementation would have to
hold every ISAKMP message sent in a retransmission buffer.  That is
quite costly for a security gateway handling thousands of connections.

Perhaps a better way is to use the COMMIT bit to require a
NOTIFY-CONNECT message to be sent to the responder, then proceeding
with the QuickMode exchange?


> -----Original Message-----
> From: Tero Kivinen [mailto:kivinen@ssh.fi]
> Sent: Monday, April 27, 1998 11:09 AM
> To: Roy Pereira
> Cc: ipsec@tis.com
> Subject: AggressiveMode issue
> 
> 
> Roy Pereira writes:
> > Not to delay the documents, but I have a question about Aggressive Mode;
> > 
> > When the Initiator sends out the third phase 1 message, how does he know
> > that the responder received it so that he can start the Quick Mode
> > exchange?
> > 
> >   Initiator                 Responder
> >   ---------                 ---------
> > 
> > MainMode:
>   ^^^^^^^^
> I assume this should be aggressive mode...
> 
> >  1 HDR, SA, KE, Ni, IDii -->
> >  2                       <-- HDR, SA, KE, Nr, IDir, HASH_R
> >  3 HDR, HASH_I           -->
> > 
> > QuickMode:
> >  1 HDR*, HASH(1), SA, Ni -->
> >  2                       <-- HDR*, HASH(2), SA, Nr
> >  3 HDR*, HASH(3)         -->
> > 
> > The problem is that the responder might not get MM3 or that he might get
> > QM1 before he gets MM3.
> 
> If the AG3 is lost and the initiator starts quick mode immediately,
> the responder will just silently drop the first quick mode packet.
> After some time the responder notices that it hasn't received the last
> aggressive mode packet and retransmits its second packet (AG2), and
> when the initiator receives that it retransmits its final packet (AG3).
> 
> The initiator also keeps retransmitting the QM1 packet until the
> responder replies.
> 
> So the exchange is like this:
> 
> Initiator				Responder
> ---------				---------
> AG1 HDR, SA, KE, Ni, IDii	-->
> AG2				<-- HDR, SA, KE, Nr, IDir, HASH_R
> AG3 HDR, HASH_I			-->| (this packet is lost)
> 
> QM1 HDR*, HASH(1), SA, Ni	--> (responder drops this)
> 
> 				    (responder times out and retransmits)
> AG2b				<-- HDR, SA, KE, Nr, IDir, HASH_R
> 
> (Initiator notices retransmit and retransmits its last packet)
> 
> AG3b HDR, HASH_I			-->
> 				    (aggressive mode done, phase I done).
> 
> (Initiator's quick mode times out and it retransmits the packet)
> QM1b HDR*, HASH(1), SA, Ni	-->
> QM2				<-- HDR*, HASH(2), SA, Nr
> QM3 HDR*, HASH(3)		-->
> 
> (quick mode exchange done, phase II done). 
> -- 
> kivinen@iki.fi                               Work : +358-9-4354 3218
> SSH Communication Security                   http://www.ssh.fi/
> SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
>
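The lost-AG3 recovery Tero traces above, as a constructed two-state-machine simulation added here (not code from either poster or from any IKE implementation): each side keeps only its most recent packet for retransmission, the responder drops QM1 while phase 1 is incomplete, and a repeated AG2 tells the initiator to resend AG3. Packet names, the tick-based timer and the `lose` set are assumptions of the model.

```python
TIMEOUT = 3  # ticks an unanswered packet waits before it is retransmitted

def run_exchange(lose=frozenset(), max_ticks=40):
    """Aggressive mode then quick mode over a lossy channel (constructed model).
    `lose` holds (packet, attempt) pairs the channel drops, e.g. {("AG3", 1)}.
    Returns (trace, initiator_done, responder_done)."""
    trace, attempts, inbox = [], {}, {"I": [], "R": []}
    I = {"phase1": False, "done": False, "pending": None, "age": 0}
    R = {"phase1": False, "done": False, "pending": None, "age": 0}

    def send(src, dst, pkt, tag=""):
        attempts[pkt] = attempts.get(pkt, 0) + 1
        lost = (pkt, attempts[pkt]) in lose
        trace.append(f"{src}->{dst} {pkt}{tag}{' (lost)' if lost else ''}")
        if not lost:
            inbox[dst].append(pkt)

    def arm(side, pkt):  # keep only the last packet so a timeout can resend it
        side["pending"], side["age"] = pkt, 0

    send("I", "R", "AG1"); arm(I, "AG1")
    for _ in range(max_ticks):
        r_in, inbox["R"] = inbox["R"], []
        for pkt in r_in:  # responder
            if pkt == "AG1":
                send("R", "I", "AG2"); arm(R, "AG2")
            elif pkt == "AG3":
                R["phase1"], R["pending"] = True, None
            elif pkt == "QM1" and not R["phase1"]:
                trace.append("R drops QM1 (phase 1 not complete)")
            elif pkt == "QM1":
                send("R", "I", "QM2"); arm(R, "QM2")
            elif pkt == "QM3":
                R["done"], R["pending"] = True, None
        i_in, inbox["I"] = inbox["I"], []
        for pkt in i_in:  # initiator
            if pkt == "AG2" and I["phase1"]:  # repeated AG2 means AG3 was lost
                send("I", "R", "AG3", " (retransmit)")
            elif pkt == "AG2":
                send("I", "R", "AG3"); I["phase1"] = True
                send("I", "R", "QM1"); arm(I, "QM1")  # start phase 2 at once
            elif pkt == "QM2":
                send("I", "R", "QM3"); I["done"], I["pending"] = True, None
        for who, side in (("R", R), ("I", I)):  # retransmit timers
            if side["pending"]:
                side["age"] += 1
                if side["age"] >= TIMEOUT:
                    send(who, "I" if who == "R" else "R", side["pending"], " (retransmit)")
                    side["age"] = 0
        if I["done"] and R["done"]:
            break
    return trace, I["done"], R["done"]
```

Running `run_exchange(lose={("AG3", 1)})` reproduces the trace in the mail: QM1 is dropped until AG3 finally arrives, then the initiator's own QM1 retransmission completes phase 2.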