Narayanan, Vidya writes:
> Somehow, we in the IETF think that we can make decisions for other
> standards bodies, especially ones that do real deployments.  I don't
> know how we can say things like they should always use the IKE SA
> whether they need it or not - there can be several reasons not to
> use it when they don't need it, including how some VPN vendors may
> charge.

It is impossible for the IETF to think about those other standards bodies,
as we do not know what they plan to do. I have several times tried to
get people to explain to me the use case this protocol is aimed at, so
I could think about whether some specific attack or optimization is
suitable or not, but as the only reply I have received is that it is
outside the scope of this discussion, there is really no point in
blaming people for making decisions for other standards bodies. What
else can we do?

Nobody has yet explained to me why the 1 RT protocol is required for
those other standards bodies, or why the security of this protocol
should be weaker because of the requirements of those other unknown
standards bodies.

> Also, mobility may need to be handled by MIP6 and we know that it
> doesn't co-exist with MOBIKE.

That is news to me. One of the reasons MOBIKE was created was to
allow it to be used as a building block for Mobile IP. So why do MIP6
and MOBIKE not co-exist? We at least tried to make MOBIKE so that it
could be used by Mobile IP, and there were Mobile IP people taking part
in the specification process back then.

So what is the exact problem there?

I am thinking it might not be worth standardizing resumption at all,
if 3 years after we finish the work we again hear that it cannot be
used for some unspecified reason.

> I'm also further intrigued by this attack we are so passionately
> discussing - the motivation for the attacker here is to annoy other
> users?

Almost all DoS attacks are only there to annoy the users. If someone
uses a DoS attack to bring some web server or DNS name server or similar
down for a few hours, that is just annoying users. Everything will work
again when the attack stops, and might even work during the attack,
but access might be much slower than normal.

> Surely, the attacker gets nothing meaningful in return - I
> simply can't see how the risk of such an attack can be anywhere
> close to even medium - it is barely low in my view.

Most DoS attackers are not looking to get something meaningful in
return. I still think we need to design protocols so they are secure
against such attacks.

And it is not only about protecting against attacks; this is also
about the normal working of the protocol. I.e. if sending one packet
whose response packets get lost can destroy state on the server, in
such a way that the client cannot detect it and needs to start IKE SA
creation from the beginning, I consider even that a big problem.

When we were specifying MOBIKE we made sure it also works in cases
where some of the network connections are one-way, i.e. no return
packets get back. It considers such links broken, and does not use
them. It was considered important to get this right, because in that
environment it was seen that the links it might see could quite often
have such unidirectional properties, and the whole protocol cannot be
allowed to break because of one such link.

With resumption the whole protocol breaks down if one ever tries to
use such a unidirectional link.
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
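The lost-response problem the post describes, modelled as an added example (constructed for this page; it is not IKEv2 resumption code and not from the mailing-list author). The model assumes a one-round-trip resumption in which the server consumes the stored ticket state as soon as the request arrives. Names such as `Server`, `Link` and `attempt_resume` are hypothetical. The two scenarios show why the client cannot tell a lost request from a lost response: both look like a timeout, yet only in the second case has the server-side state already been destroyed, so a retry fails and a full IKE SA creation is needed.

```python
"""Toy model of one-round-trip session resumption over a lossy link.

Constructed illustration (not IKEv2 code): the server deletes the
resumption state the moment the request is processed, before it can
know whether its reply will ever reach the client.
"""
from dataclasses import dataclass, field


@dataclass
class Server:
    # ticket_id -> resumable SA state (constructed sample values)
    tickets: dict = field(default_factory=dict)

    def handle_resume(self, ticket_id):
        """One-shot ticket: the state is removed on receipt of the request."""
        state = self.tickets.pop(ticket_id, None)
        if state is None:
            return ("RESUME_FAIL", "unknown ticket")
        return ("RESUME_OK", state)


@dataclass
class Link:
    # A unidirectional link is modelled as drop_response=True: the
    # request reaches the server but nothing comes back.
    drop_request: bool = False
    drop_response: bool = False


def attempt_resume(server, ticket_id, link):
    """What the client observes for one exchange: the reply or a timeout."""
    if link.drop_request:
        return "TIMEOUT"          # server never saw the request
    reply = server.handle_resume(ticket_id)  # state consumed here
    if link.drop_response:
        return "TIMEOUT"          # client sees the same symptom as above
    return reply


def client_retry_outcome(server, ticket_id, link):
    """First attempt over `link`, then a retry over a healthy link."""
    first = attempt_resume(server, ticket_id, link)
    second = attempt_resume(server, ticket_id, Link())
    return first, second


def run_scenarios():
    """Compare a lost request with a lost response (unidirectional link)."""
    results = {}
    for name, link in (("request_lost", Link(drop_request=True)),
                       ("response_lost", Link(drop_response=True))):
        server = Server(tickets={"ticket-1": "sa-state"})
        first, second = client_retry_outcome(server, "ticket-1", link)
        results[name] = {
            "first_attempt": first,
            "retry": second,
            "state_left_on_server": "ticket-1" in server.tickets,
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

In both scenarios the client's first observation is identical (`TIMEOUT`), so it has no way to know whether retrying is safe. After a lost request the retry succeeds; after a lost response the ticket is already gone and the retry returns `RESUME_FAIL`, which is the "start IKE SA creation from the beginning" outcome the post objects to.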
