
    RE: Error in ips-security-07

    Excerpt of message (sent 26 January 2002) by
    > This is the infamous "dangling SA" issue discussed in ipsec
    > in the past.  While I don't recall its resolution, the IKEv2
    > draft prohibits dangling SAs, and the IPS Security draft is
    > taking the same position.  OTOH, I seem to recall that IKEv1
    > implementations differ on whether dangling SAs are allowed.
    > Paul - are you suggesting that prohibiting dangling SAs
    > would unnecessarily exclude some IKEv1 implementations to
    > our detriment?
    I'm not sure what "dangling SAs" are, or whether that term applies to
    the case you're talking about here.  I'll have to look at IKEv2 to see
    what the story is there.
    As for IKEv1, the spec explicitly discusses deleting the Phase 1 SA
    immediately after the Phase 2 negotiation (Quick Mode) has been
    performed, in situations where you want Perfect Forward Secrecy.  So
    it's not just that this is silently permitted -- it is explicitly
    recommended.  Therefore I think it is a very bad idea for the IPS
    security spec to explicitly disallow that same behavior!
    I've run into several implementations that built in an assumption that
    the Phase 2 SA is subordinate to the Phase 1 SA.  That's simply a
    wrong assumption, as the text I quoted makes clear, and such
    assumptions caused interop problems in interop test sessions.  I
    remember having to fix this bug in our implementation at some point.
    We need to make sure we don't duplicate those bugs here.
    In any event, I cannot see any reason for the IPS spec to discuss this
    topic at all.  SAs should be deleted when the IKE/IPsec specs call for
    their deletion and not otherwise.  Why should IPS care what those
    rules are?  We already have a lot of dabbling in internal IPsec/IKE
    detail going on in the IPS security spec.  Talking about requirements
    subsetting is one thing -- restating IKE algorithms is quite another,
    especially if the restatement conflicts with the authoritative text.
    It *is* correct for the IPS spec to say what you do to a connection
    when the SA protecting it goes away.  That's already covered (on page
    12); the current text makes sense to me.
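The interop bug described in the message above (implementations assuming the Phase 2 IPsec SA is subordinate to the Phase 1 ISAKMP SA, so that deleting Phase 1 silently takes the IPsec SA with it) can be shown with a small model of an SA database. This is an added example, not code from the mail or from any IKE implementation; the cookie strings, SPIs and lifetimes are constructed, and it models only the bookkeeping, not the IKE exchanges themselves. The `cascade_delete` flag switches between the wrong assumption and the behaviour the message argues for, where each SA goes away only on its own lifetime or an explicit delete.

```python
"""Toy model of an IKEv1 SA database: does deleting the Phase 1 (ISAKMP) SA
take the Phase 2 (IPsec) SAs it negotiated down with it?"""
from dataclasses import dataclass
from typing import Dict


@dataclass
class Phase1Sa:
    """ISAKMP SA; identified here by a constructed cookie string."""
    cookie: str


@dataclass
class Phase2Sa:
    """IPsec SA negotiated in Quick Mode under some Phase 1 SA."""
    spi: int
    negotiated_by: str       # cookie of the Phase 1 SA used for Quick Mode
    lifetime_remaining: int  # seconds; expires on its own clock


class SaDatabase:
    """cascade_delete=True reproduces the buggy 'Phase 2 is subordinate to
    Phase 1' assumption; False is the behaviour the mail argues for."""

    def __init__(self, cascade_delete: bool) -> None:
        self.cascade_delete = cascade_delete
        self.phase1: Dict[str, Phase1Sa] = {}
        self.phase2: Dict[int, Phase2Sa] = {}

    def establish_phase1(self, cookie: str) -> None:
        self.phase1[cookie] = Phase1Sa(cookie)

    def quick_mode(self, cookie: str, spi: int, lifetime: int) -> None:
        # Quick Mode itself does need a live Phase 1 SA to protect the exchange.
        if cookie not in self.phase1:
            raise RuntimeError("Quick Mode requires an established Phase 1 SA")
        self.phase2[spi] = Phase2Sa(spi, cookie, lifetime)

    def delete_phase1(self, cookie: str) -> None:
        del self.phase1[cookie]
        if self.cascade_delete:
            # The wrong assumption: tear down every IPsec SA this Phase 1 SA negotiated.
            doomed = [s.spi for s in self.phase2.values() if s.negotiated_by == cookie]
            for spi in doomed:
                del self.phase2[spi]

    def delete_phase2(self, spi: int) -> None:
        # Explicit delete of the IPsec SA itself, as the IKE/IPsec specs call for.
        del self.phase2[spi]

    def tick(self, seconds: int) -> None:
        # Phase 2 SAs expire on their own lifetime, independent of Phase 1.
        for spi, sa in list(self.phase2.items()):
            sa.lifetime_remaining -= seconds
            if sa.lifetime_remaining <= 0:
                del self.phase2[spi]

    def can_protect(self, spi: int) -> bool:
        return spi in self.phase2


def pfs_scenario(cascade_delete: bool) -> bool:
    """IKEv1 PFS pattern: Phase 1, Quick Mode, then drop Phase 1 at once.
    Returns whether the IPsec SA is still usable afterwards."""
    db = SaDatabase(cascade_delete)
    db.establish_phase1("cookie-A")                        # constructed identifier
    db.quick_mode("cookie-A", spi=0x1001, lifetime=3600)   # constructed SPI/lifetime
    db.delete_phase1("cookie-A")                           # the PFS step from the mail
    return db.can_protect(0x1001)


def lifetime_scenario() -> bool:
    """With independent SAs, the IPsec SA still dies on its own lifetime."""
    db = SaDatabase(cascade_delete=False)
    db.establish_phase1("cookie-B")
    db.quick_mode("cookie-B", spi=0x2002, lifetime=60)
    db.delete_phase1("cookie-B")
    db.tick(61)
    return db.can_protect(0x2002)


if __name__ == "__main__":
    print("cascading delete, IPsec SA usable:", pfs_scenario(True))    # False: the interop bug
    print("independent SAs, IPsec SA usable:", pfs_scenario(False))    # True
    print("after lifetime expiry, usable:", lifetime_scenario())       # False
```

With `cascade_delete=True` the peer that followed the PFS recommendation ends up sending on an SPI the other side has already discarded, which is exactly the kind of failure that only shows up in interop testing rather than in a single vendor's own tests.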


Last updated: Mon Jan 28 11:18:05 2002