[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: reliable notify question
There is a small problem with this. It is perhaps so small as to be
irrelevant, but I'll let you decide.
Say both peers (A and B) decide send a reliable delete on the same SA at
approx. the same time. By a fluke, both generate the same random mess_id
for the message. Now, each sends delete expecting an ACK. When B gets A's
message, he will expect it to be an ACK, since the mess_id is the same as
the message he sent. B will therefore try to verify the hash, and fail,
since it was in reality a new notify, not an ACK, from A. Similarily for A
processing B's notify.
Again, I don't know if we care, since the odds of this occurring are slim.
However, it will break processing of these notifies. A fix is to
distinguish in the payload the difference between an new notify and an ACK,
perhaps as a flag in the header. However, adding such a flag makes
backwards compatibility much harder. Is there any other good solution that
still preserves the relatively simple backwards compatability?
From: Dan Harkins [mailto:email@example.com]
Sent: Monday, October 04, 1999 5:39 PM
To: Brian Swander (Exchange)
Subject: Re: reliable notify question
They have to be the same, just like all the other exchanges. Otherwise
there would be no way to distinguish a response to your notify from a
newly initiated notify from the peer.
On Mon, 04 Oct 1999 13:11:23 PDT you wrote
> Also, MUST the message_id in the responders ACK be the same as the
> message_id in the initiator's N/D, or MUST the message_ids be different?
> I'd argue for the former, since it will allow easier lookups, and I doubt
> there are any security issues with the duplicate mess_id.
> -----Original Message-----
> From: Brian Swander (Exchange)
> Sent: Monday, October 04, 1999 10:11 AM
> To: 'Dan Harkins'
> Cc: firstname.lastname@example.org
> Subject: reliable notify question
> Pardon me if this has been asked before.
> In section 6.4.2 of the new IKE draft on reliable notifies, it says we
> to use the initiator and responder nonces in constructing the messages.
> Initiator Responder
> ----------- -----------
> HDR*, HASH(1), Ni, N/D -->
> <-- HDR*, HASH(2), Nr, N/D
> First, are these values the nonces that were already exchanged, or are
> newly generated for each reliable notify? I presume the former.
> If I am right so far, which nonce do we use, the MM nonces, or the QM
> nonces? I assume that we always use the MM nonce, since notifies are only
> really bound to the MM, and not to any particular QM.
> Is this correct?