SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution



    [... various snips to focus on the SA replacement issue ...]
    
    > > The encryption can probably be removed by negotiating a new SA that
    > > doesn't encrypt and deleting the old one, but that still requires
    > > ESP integrity.
    > 
    > Could we have a more complete example of this (SA changing in 
    > mid-stride)?
    
    It is literally as described - the sender sets up a new SA, and deletes
    the old one.  These are done via IKE in the usual fashion.
    
    > From talking with some IPsec implementers, it can be done. We 
    > just will need to note a number of details to make sure we have it right.
    
    There is quite a bit of experience in getting IKE to interoperate -
    that's where most of the details are, and most of them aren't specific
    to this policy change.
    
    > One thing that will be needed is for us to be able to set policy on a
    > per-socket basis, and for us to be able to examine the policy 
    > in place on a socket.That way a target can verify that a login is covered
    by
    > sufficiently-secure policy, and the initiator (and target) can adjust
    > policy (to relax it).
    
    Many/most IPsec implementations support this functionality locally
    (i.e., in the SPD/SAD).  If per-socket granularity is needed, don't
    use an implementation that doesn't provide it.
    
    > There is of course the question of what to do if the other side doesn't
    > want to relax policy. :-)
    
    This'll be reflected in an IKE negotiation failure - the other side will
    refuse to set up the SA if it won't relax policy.  Incompatible IKE policies
    can already result in inability to communicate - I don't know of any magic
    we can apply here.
    
    > A few other implementation notes. 1) some IPsec implementations will
    > continue using an older SA (the with-privacy one) for a while.
    
    That's why I used the words "and deleting the old one", as an implementation
    cannot use an SA that has been affirmatively deleted.  The receiver needs
    to keep the old SA state around for a while to deal with in-flight packets,
    but a delete on the sender side had better cause an immediate switch to the
    new one.
    
    > 2) we need to have the initiator make sure it's using strong policy when 
    > it does the CHAP phase - otherwise if it is logging back into a target 
    > and happens to use a port number that it used before, the old (weaker) SA
    > might still be there.
    
    Yes.
    
    > I would prefer the key randomness be a MUST, so we can avoid this. While
    > rather doable, it will add more to the implementation complexity.
    
    Noted.  With the current wording, if your implementation treats the key
    randomness as a MUST, it can avoid this.  If you don't think the proposed
    text gets to this point, please point out where the problem is and
    suggest alternative wording.
    
    Thanks,
    --David
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
    black_david@emc.com         Cell: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Thu May 23 14:18:28 2002
10256 messages in chronological order