At 11:15 PM +0530 4/20/09, Lakshminath Dondeti wrote: >Before the one roundtrip mechanism is deleted, could you summarize how the >security issue that was raised is applicable under the threat model we work >with?
No, I can summarize it after it is deleted, given that I deleted it in my last message. The security issues that Pasi sent to the mailing list over a month ago include: - A replay of a ticket can cause exhaustion of many resources, not just CPU or state on the gateway. Pasi listed these about a month ago. - A replay of a ticket can cause a legitimate resumption to fail, depending on the algorithms used in the IKE SA. This is unrelated to your, um, interesting logic about RFC 3552. The WG can decide its threat models as it sees fit. >The IKEv2 RFC really defines what is in scope. Server state exhaustion >attacks are not in scope for being mandatorily made "more difficult" for some >definition of more. I don't see anything in RFC 4306 that limits the scope of the threat models for extensions. --Paul Hoffman, Director --VPN Consortium _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
