AggressiveMode issue

Tero Kivinen <kivinen@ssh.fi> Mon, 27 April 1998 14:53 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id KAA12273 for ipsec-outgoing; Mon, 27 Apr 1998 10:53:51 -0400 (EDT)
Date: Mon, 27 Apr 1998 18:08:45 +0300
Message-Id: <199804271508.SAA01396@pilari.ssh.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@ssh.fi>
To: Roy Pereira <rpereira@TimeStep.com>
Cc: ipsec@tis.com
Subject: AggressiveMode issue
In-Reply-To: <319A1C5F94C8D11192DE00805FBBADDF063394@exchange.timestep.com.219.168.192.in-addr.arpa>
References: <319A1C5F94C8D11192DE00805FBBADDF063394@exchange.timestep.com.219.168.192.in-addr.arpa>
X-Mailer: VM 6.34 under Emacs 19.34.2
Organization: SSH Communications Security Oy
X-Edit-Time: 8 min
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Roy Pereira writes:
> Not to delay the documents, but I have a question about Aggressive Mode;
> 
> When the Initiator sends out the third phase 1 message, how does he know
> that the responder received it so that he can start the Quick Mode
> exchange?
> 
>   Initiator                 Responder
>   ---------                 ---------
> 
> MainMode:
  ^^^^^^^^
I assume this should be aggressive mode...

>  1 HDR, SA, KE, Ni, IDii -->
>  2                       <-- HDR, SA, KE, Nr, IDir, HASH_R
>  3 HDR, HASH_I           -->
> 
> QuickMode:
>  1 HDR*, HASH(1), SA, Ni -->
>  2                       <-- HDR*, HASH(2), SA, Nr
>  3 HDR*, HASH(3)         -->
> 
> The problem is that the responder might not get MM3 or that he might get
> QM1 before he gets MM3.

If the AG3 is lost and the initiator starts quick mode immediately,
the responder will just silently drop the first quick mode packet.
After some time the responder notices that it hasn't received the last
aggressive mode packet and retransmits its second packet (AG2), and
when the initiator receives that it retransmits its final packet (AG3).

The initiator also keeps retransmitting the QM1 packet until the
responder replies.

So the exchange is like this:

Initiator				Responder
---------				---------
AG1 HDR, SA, KE, Ni, IDii	-->
AG2				<-- HDR, SA, KE, Nr, IDir, HASH_R
AG3 HDR, HASH_I			-->| (this packet is lost)

QM1 HDR*, HASH(1), SA, Ni	--> (responder drops this)

				    (responder times out and retransmits)
AG2b				<-- HDR, SA, KE, Nr, IDir, HASH_R

(Initiator notices retransmit and retransmits its last packet)

AG3b HDR, HASH_I			-->
				    (aggressive mode done, phase I done).

(Initiator's quick mode times out and it retransmits the packet)
QM1b HDR*, HASH(1), SA, Ni	-->
QM2				<-- HDR*, HASH(2), SA, Nr
QM3 HDR*, HASH(3)		-->

(quick mode exchange done, phase II done). 
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communication Security                   http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
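The timeline in the message above, as an added example that is not part of the original post and not code from SSH or the IPsec working group: an event-driven model of the two peers in which AG3 is lost once, the responder drops QM1 because its phase 1 is not finished, the responder's timer re-sends AG2, the initiator answers the repeated AG2 by re-sending AG3, and the initiator's own QM1 timer finally carries quick mode to completion. The one-way delay and the two retransmit timers are assumed values, and the payloads are modelled by name only (no key exchange or hashing is performed).

```python
"""Model of IKEv1 Aggressive Mode + Quick Mode with the AG3 packet lost once.

Added example. ONE_WAY_DELAY, R_TIMEOUT and I_TIMEOUT are assumed values;
packets are represented only by their names (AG1..AG3, QM1..QM3).
"""
import heapq
from dataclasses import dataclass, field

ONE_WAY_DELAY = 1.0   # assumed network delay, one direction
R_TIMEOUT = 2.5       # assumed: responder re-sends AG2 if AG3 has not arrived
I_TIMEOUT = 4.0       # assumed: initiator re-sends its last unanswered packet


@dataclass(order=True)
class Event:
    t: float
    seq: int                            # tie-break so ordering is deterministic
    kind: str = field(compare=False)    # "pkt" (delivery) or "timer"
    peer: str = field(compare=False)    # peer that handles it: "I" or "R"
    name: str = field(compare=False)    # packet name


class IkeSim:
    def __init__(self, drop_once=()):
        self.now, self.seq, self.q = 0.0, 0, []
        self.drop_once = set(drop_once)     # packets lost on their first transmission only
        self.tx = {}                        # packet name -> number of transmissions
        self.log = []                       # (time, actor, action, packet)
        self.p1 = {"I": False, "R": False}  # phase 1 complete at each peer
        self.p2 = {"I": False, "R": False}  # phase 2 complete at each peer
        self.last_p1 = {"I": None, "R": None}  # last phase-1 packet each peer sent

    def _at(self, dt, kind, peer, name):
        self.seq += 1
        heapq.heappush(self.q, Event(self.now + dt, self.seq, kind, peer, name))

    def send(self, src, name):
        self.tx[name] = self.tx.get(name, 0) + 1
        if name.startswith("AG"):
            self.last_p1[src] = name
        self.log.append((self.now, src, "send", name))
        if self.tx[name] == 1 and name in self.drop_once:
            self.log.append((self.now, "net", "lost", name))
            return
        self._at(ONE_WAY_DELAY, "pkt", "R" if src == "I" else "I", name)

    def on_pkt(self, peer, name):
        self.log.append((self.now, peer, "recv", name))
        if peer == "R":
            if name == "AG1":
                self.send("R", "AG2"); self._at(R_TIMEOUT, "timer", "R", "AG2")
            elif name == "AG3":
                self.p1["R"] = True
            elif name == "QM1":
                if not self.p1["R"]:
                    # Phase 1 not finished: the responder silently drops QM1.
                    self.log.append((self.now, "R", "drop", name))
                else:
                    self.send("R", "QM2")
            elif name == "QM3":
                self.p2["R"] = True
        else:
            if name == "AG2":
                if self.p1["I"]:
                    # A repeated AG2 means the responder never saw AG3: resend it.
                    self.send("I", self.last_p1["I"])
                else:
                    self.p1["I"] = True
                    self.send("I", "AG3")
                    # Start quick mode immediately, without waiting for any acknowledgement.
                    self.send("I", "QM1"); self._at(I_TIMEOUT, "timer", "I", "QM1")
            elif name == "QM2" and not self.p2["I"]:
                self.p2["I"] = True
                self.send("I", "QM3")

    def on_timer(self, peer, name):
        if peer == "R" and name == "AG2" and not self.p1["R"]:
            self.send("R", "AG2"); self._at(R_TIMEOUT, "timer", "R", "AG2")
        elif peer == "I" and name == "AG1" and self.last_p1["I"] == "AG1":
            self.send("I", "AG1"); self._at(I_TIMEOUT, "timer", "I", "AG1")
        elif peer == "I" and name == "QM1" and not self.p2["I"]:
            self.send("I", "QM1"); self._at(I_TIMEOUT, "timer", "I", "QM1")

    def run(self, max_time=60.0):
        """Drive the exchange; return True when both peers have finished phase 2."""
        self.send("I", "AG1"); self._at(I_TIMEOUT, "timer", "I", "AG1")
        while self.q and not (self.p2["I"] and self.p2["R"]):
            ev = heapq.heappop(self.q)
            if ev.t > max_time:
                break
            self.now = ev.t
            (self.on_pkt if ev.kind == "pkt" else self.on_timer)(ev.peer, ev.name)
        return self.p2["I"] and self.p2["R"]


if __name__ == "__main__":
    sim = IkeSim(drop_once={"AG3"})
    print("completed:", sim.run())
    for t, actor, action, pkt in sim.log:
        print(f"t={t:4.1f} {actor:>3} {action:5} {pkt}")
    print("transmissions:", sim.tx)
```

With the assumed timers the run reproduces the sequence in the message: AG2 and AG3 each go on the wire twice, QM1 is dropped once and re-sent once, and QM2/QM3 are sent once each. Shortening R_TIMEOUT relative to I_TIMEOUT is what makes the repeated AG2/AG3 land before the initiator's QM1 retry; with the responder's timer longer than the initiator's, the model instead shows QM1 being dropped more than once before phase 1 completes.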