[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: reliable notify question



There is a small problem with this.  It is perhaps so small as to be
irrelevant, but I'll let you decide.

Say both peers (A and B) decide send a reliable delete on the same SA at
approx. the same time.  By a fluke, both generate the same random mess_id
for the message.  Now, each sends delete expecting an ACK.  When B gets A's
message, he will expect it to be an ACK, since the mess_id is the same as
the message he sent.  B will therefore try to verify the hash, and fail,
since it was in reality a new notify, not an ACK, from A. Similarily for A
processing B's notify.

Again, I don't know if we care, since the odds of this occurring are slim.
However, it will break processing of these notifies.  A fix is to
distinguish in the payload the difference between an new notify and an ACK,
perhaps as a flag in the header.  However, adding such a flag makes
backwards compatibility much harder.  Is there any other good solution that
still preserves the relatively simple backwards compatability?

bs

-----Original Message-----
From: Dan Harkins [mailto:dharkins@network-alchemy.com]
Sent: Monday, October 04, 1999 5:39 PM
To: Brian Swander (Exchange)
Cc: 'ipsec@lists.tislabs.com'
Subject: Re: reliable notify question 


  They have to be the same, just like all the other exchanges. Otherwise
there would be no way to distinguish a response to your notify from a
newly initiated notify from the peer. 

  Dan.

On Mon, 04 Oct 1999 13:11:23 PDT you wrote
> Also, MUST the message_id in the responders ACK be the same as the
> message_id in the initiator's N/D, or MUST the message_ids be different?
> 
> I'd argue for the former, since it will allow easier lookups, and I doubt
> there are any security issues with the duplicate mess_id.
> 
> bs
> 
> -----Original Message-----
> From: Brian Swander (Exchange) 
> Sent: Monday, October 04, 1999 10:11 AM
> To: 'Dan Harkins'
> Cc: ipsec@lists.tislabs.com
> Subject: reliable notify question
> 
> 
> Pardon me if this has been asked before.
> 
> In section 6.4.2 of the new IKE draft on reliable notifies, it says we
need
> to use the initiator and responder nonces in constructing the messages.
> 
>         Initiator                        Responder
>       -----------                      -----------
>        HDR*, HASH(1), Ni, N/D  -->
>                                <--      HDR*, HASH(2), Nr, N/D
> 
> First, are these values the nonces that were already exchanged, or are
they
> newly generated for each reliable notify?  I presume the former.
> 
> If I am right so far, which nonce do we use, the MM nonces, or the QM
> nonces?  I assume that we always use the MM nonce, since notifies are only
> really bound to the MM, and not to any particular QM.
> 
> Is this correct?  
> 
> bs
> 
>