Re: Slicing and dicing
Daniel Harkins <dharkins@cisco.com> Fri, 12 September 1997 22:40 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA10827 for ipsec-outgoing; Fri, 12 Sep 1997 18:40:40 -0400 (EDT)
Message-Id: <199709122250.PAA28343@dharkins-ss20>
X-Authentication-Warning: dharkins-ss20.cisco.com: Host localhost.cisco.com didn't use HELO protocol
To: Stephen Kent <kent@bbn.com>
Cc: Cheryl Madson <cmadson@cisco.com>, ipsec@tis.com
Subject: Re: Slicing and dicing
In-Reply-To: Your message of "Fri, 12 Sep 1997 16:31:27 EDT." <v03102816b03f554fed0a@[128.89.0.110]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 12 Sep 1997 15:50:31 -0700
From: Daniel Harkins <dharkins@cisco.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Steve, If a negotiated algorithm has a weak key and the check is not done then there will be no rejection and hence no need for ISAKMP to support this sort of notification. If the check is done then both sides will arrive at the same conclusion and throw the thing away. Again, no need for such a notification. If we decide to make things really ugly and allow a side to just decide to do a weak key check (did someone say "replay"?) then it can use a DELETE message to inform the other party that it didn't really like that SA and not to use it. (This can be used for other generic and probably more likely situations such as a malloc failing that results in the inability of KM to add the SA). Hence, there is no need for this. Of course, ISAKMP is sufficiently general that you can do this sort of thing in your implementation by using a private use notify number. That's the whole point. It is possible, though, to add a new notify type and it's even possible to add a new negotiable attribute to say whether you do weak key checks and also to add another payload in which you can specify the weak keys you check (with an algorithm field and a number of keys field). That way each side will have all the information on hand in case a weak key is found. But that is featureitis, a form of protocol cancer. This whole discussion is evident of the problem of the IPSec WG. A question is raised about confusing language in a draft-- do you check bytes 1-8 or 8-15 if bytes 0-7 are weak-- which then morphs into a discussion about whether a popular book is wrong which morphs into statistical analysis of how often weak keys are found which morphs into adding another feature into a protocol! We should all be ashamed. (And that's not neither the royal, medical, nor law enfocement "we". I'm taking a heaping helping of blame). Dan. > That defers the question of what to do for DES in CBC mode to the > algorithm document itself. Based on the current discussion, it looks like > people are willing to just punt on this case, but I would likle to see a > requirement in ISAKMP to support the generic rejection facility. Is it > reasonable to provide an error indication to the other end indicating the > reason for the rejection, just in case implementations don't agree on the > rejection (or at least for audit trail purposes)?
- Slicing and dicing Rodney Thayer
- Slicing and dicing Karl Fox
- Re: Slicing and dicing Dave Mason
- Re: Slicing and dicing Phil Karn
- Re: Slicing and dicing Karl Fox
- Re: Slicing and dicing Theodore Y. Ts'o
- Re: Slicing and dicing Jim Gillogly
- Re: Slicing and dicing Cheryl Madson
- Re: Slicing and dicing Michael C. Richardson
- Re: Slicing and dicing Dan McDonald
- Re: Slicing and dicing Cheryl Madson
- Weak DES keys Michael C. Richardson
- Re: Slicing and dicing Karl Fox
- Weak DES keys Karl Fox
- Re: Slicing and dicing Stephen Kent
- Re: Slicing and dicing Theodore Y. Ts'o
- Re: Slicing and dicing Daniel Harkins
- Re: Slicing and dicing Ran Atkinson