Re: Reminder: last call for PIC in the IPSRA WG
Dear Markus,
Better late than never...
One can add to PIC some DOS protection via two extra initial messages
(this is what I said during the London ietf meeting when asked about
it). Adding these messages is quite straightforward from the point of view
of specification (the messages would carry a cookie from client to server
and one from server to client -- the last one being a stateless cookie a
la Karn) but it certainly adds performance and protocol complexity.
Having lacked explicit requirements for such measures we settled for
simplicity and less performance penalty.
If you obtain consensus to add this stuff, then it is doable.
As for your suggestion to use base mode: this solution would be
inappropriate here. It requires a responder's state anyway and its main
advantage in the context of IKE is lost here. This advantage is that the
responder can do a (relatively cheap) RSA sig verification before it
performs its own signature and the g^xy DH exponentiation. However, in PIC
there is no signature from the client at all, so this mechanism of base
mode does not apply here.
Thanks for the feedback.
Hugo
On 17 Sep 2001, Markus Stenberg wrote:
>
> paul.hoffman@xxxxxxxx (Paul Hoffman / VPNC) writes:
> > Hi again. Just a reminder that we are in the middle of the PIC last
> > call in the IPSRA WG. The last call ends at the end of September
> > unless significant changes are needed to the spec.
> >
> > It has been pretty quiet here, and maybe that is good.
>
> I was also on vacation (four weeks :>), which somewhat delayed this mail. I
> didn't want to start discussion while people were still in Finland in the
> VPN workshop, and I regrettably had to leave the workshop's summary session
> before I could poll it locally.
>
> I still personally feel that with the discussion about s-o-IKE, and
> _especially_ the discussions regarding aggressive/main(/base) mode in IPsec
> WG, it might be a bad idea to select aggressive-like approach for PIC.
>
> Why do we want to perform significant work on basis of a packet from a
> source which we haven't even verified exists and really wants to talk to
> us?
>
> This could be circumvented (at least) by changing the exchange from 3 to 4
> messages and styling it after base mode instead of aggressive mode.
>
> If someone else agrees, feel free to point it out; if it's just me, I'll
> go back to my corner :>
>
> > --Paul Hoffman, Director
> > --VPN Consortium
>
> -Markus
>
> --
> Markus Stenberg (stenberg@xxxxxxx) of SSH Communications Security (www.ssh.com)
>
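The two extra initial messages Hugo describes above (client cookie to server, stateless server cookie a la Karn back to the client, and only then the expensive work) can be sketched in code. The following is an added illustration, not code from the PIC draft or from either author; the cookie layout (8-byte epoch plus truncated HMAC-SHA256 over epoch, source address, port and client cookie), the 60-second lifetime, the sample addresses and the stand-in for the DH exponentiation are all assumptions made for the example.

```python
"""Stateless responder cookie (Karn-style) in front of an expensive handshake step.

Added example; the message layout, lifetime and addresses below are assumptions.
"""
import hashlib
import hmac
import os
import time
from typing import Optional

COOKIE_LIFETIME = 60  # seconds; a cookie is accepted in the epoch it was minted and the next


class Responder:
    """Server side: mints and checks cookies without keeping per-client state."""

    def __init__(self, secret: Optional[bytes] = None, clock=time.time):
        # One secret covers all cookies; it is never sent, so a cookie cannot be forged
        # without it, and nothing about the client has to be remembered between messages.
        self._secret = secret or os.urandom(32)
        self._clock = clock
        self.expensive_ops = 0  # how often the costly step (stand-in for DH) actually ran

    def _mac(self, epoch: int, addr, client_cookie: bytes) -> bytes:
        ip, port = addr
        msg = epoch.to_bytes(8, "big") + ip.encode() + port.to_bytes(2, "big") + client_cookie
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:16]

    def mint_cookie(self, addr, client_cookie: bytes) -> bytes:
        """Extra message 2 (server -> client). Nothing is stored on the server."""
        epoch = int(self._clock()) // COOKIE_LIFETIME
        return epoch.to_bytes(8, "big") + self._mac(epoch, addr, client_cookie)

    def check_cookie(self, addr, client_cookie: bytes, server_cookie: bytes) -> bool:
        """Cheap check: recompute the MAC for this source and compare in constant time."""
        if len(server_cookie) != 24:
            return False
        epoch = int.from_bytes(server_cookie[:8], "big")
        now_epoch = int(self._clock()) // COOKIE_LIFETIME
        if epoch not in (now_epoch, now_epoch - 1):
            return False  # stale cookie
        return hmac.compare_digest(server_cookie[8:], self._mac(epoch, addr, client_cookie))

    def handle_message3(self, addr, client_cookie, server_cookie, payload: bytes) -> bool:
        """Message 3: the responder does the expensive work only for a valid cookie."""
        if not self.check_cookie(addr, client_cookie, server_cookie):
            return False
        self.expensive_ops += 1
        self._expensive_step(payload)
        return True

    @staticmethod
    def _expensive_step(payload: bytes) -> None:
        # Stand-in for the g^xy exponentiation / signature of the real exchange.
        pow(2, int.from_bytes(payload, "big") | 1, 2**521 - 1)


def run_exchange():
    """Honest client, a spoofed-source flood packet, and a cookie replayed from elsewhere."""
    responder = Responder()
    client_addr = ("192.0.2.10", 500)          # constructed sample address
    c_cookie = os.urandom(16)                  # extra message 1: client -> server
    s_cookie = responder.mint_cookie(client_addr, c_cookie)  # extra message 2
    honest = responder.handle_message3(client_addr, c_cookie, s_cookie, b"KE")
    # Attacker spoofing a source it cannot receive at never obtains a usable cookie.
    forged = responder.handle_message3(("198.51.100.7", 500), os.urandom(16), os.urandom(24), b"KE")
    # A genuine cookie captured from the honest client is bound to that client's address.
    replayed = responder.handle_message3(("198.51.100.7", 500), c_cookie, s_cookie, b"KE")
    return honest, forged, replayed, responder.expensive_ops


def cookie_expires():
    """A cookie minted two lifetimes ago is refused, so captured cookies age out."""
    now = [1000.0]
    responder = Responder(clock=lambda: now[0])
    addr = ("192.0.2.10", 500)
    c_cookie = os.urandom(16)
    s_cookie = responder.mint_cookie(addr, c_cookie)
    fresh = responder.check_cookie(addr, c_cookie, s_cookie)
    now[0] += 2 * COOKIE_LIFETIME + 1
    stale = responder.check_cookie(addr, c_cookie, s_cookie)
    return fresh, stale


if __name__ == "__main__":
    print(run_exchange())    # (True, False, False, 1)
    print(cookie_expires())  # (True, False)
```

The point of the design is the one Hugo makes: the server spends only an HMAC on any packet until the peer has proven it can receive at the claimed source address, and, because the cookie is recomputable from the secret plus what the third message carries, no per-client state is created by the first two messages. The cost is exactly what the mail says, two more round-trip messages and a little more protocol machinery.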