IETF Logo Mail Archive

Re: problems with draft-jenkins-ipsec-rekeying-06.txt

Dan Harkins <dharkins@cips.nokia.com> Tue, 18 July 2000 01:26 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA02181; Mon, 17 Jul 2000 18:26:06 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id UAA16754 Mon, 17 Jul 2000 20:14:38 -0400 (EDT)
Message-Id: <200007180019.RAA23028@potassium.network-alchemy.com>
To: Henry Spencer <henry@spsystems.net>
cc: Andrew Krywaniuk <andrew.krywaniuk@alcatel.com>, hugh@mimosa.com, 'Tim Jenkins' <TJenkins@Catena.com>, 'IPsec List' <ipsec@lists.tislabs.com>, 'Hugh Daniel' <hugh@toad.com>, 'John Gilmore' <gnu@toad.com>
Subject: Re: problems with draft-jenkins-ipsec-rekeying-06.txt
In-reply-to: Your message of "Mon, 17 Jul 2000 18:36:03 EDT." <Pine.BSI.3.91.1000717181505.18264I-100000@spsystems.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <23025.963879579.1@network-alchemy.com>
Date: Mon, 17 Jul 2000 17:19:39 -0700
From: Dan Harkins <dharkins@cips.nokia.com>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

  Yes, technical merit should guide resolution but it helps to have
the problem laid out first. This whole thing started with your
proposal that was a "better approach to certain parts of the rekeying
problem" that draft-jenkins-ipsec-rekeying-06.txt addressed. That
draft addresses _lots_ of issues. What certain parts are you resolving?

  The responder pre-set-up problem, which is what you seem to be
focusing on, is solved by using a CONNECTED notify. There is no "security 
hole" associated with this. There is only potential for a DoS attack. 
Nowhere in your proposal does it even discuss a DoS attack. So what is 
it you're solving? If the problem space has moved then let's take a 
step back and redefine what it is we're discussing.

  Maybe an even more *superior* solution would be what David Faucher
proposed: just make the MID a monotonically increasing counter and
don't accept anything <= the currently authenticated MID. But this
requires agreeing on what the problem is that the solution proposes
to solve. 

  Dan.

On Mon, 17 Jul 2000 18:36:03 EDT you wrote
> 
> Moreover, I think this has slightly missed our point.  We are not just
> arguing that there is a different interpretation possible here, or that it
> is the preferred interpretation in the absence of supplementary folklore
> (although we do make both those claims). 
> 
> We contend that our interpretation is *superior*.  It improves the
> protocol's robustness, and permits solving certain vexing problems in a
> much simpler way than Tim Jenkins proposes, and does this (as verified by
> both analysis and practical experience) without introducing significant
> implementation difficulties or interoperability problems.
> 
> The primary criterion for choice when resolving ambiguities should be
> technical merit, not closeness to the original intent. 
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
>

v2.23.0 | Report a Bug | By Email