[anonsec] details of IKE/IPsec channel binding
Nicolas Williams
Nicolas.Williams at sun.com
Sun Apr 1 15:35:34 PDT 2007
On Sun, Apr 01, 2007 at 05:44:30PM -0400, Michael Richardson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> Nicolas> This needs to work for IKEv1. Assuming that the IKE_SA is
> Nicolas> still around is not a good assumption.
>
> I have no problem with requiring that the IKE_SA remain around.
> Seriously.
The channel initiator (client) can certainly keep it around. The
server need not have any idea that it will have to keep it around.
What we could do is make the connect() fail if the client were to
retransmit a TCP SYN (or whatever) protected by a child SA of a
different IKE_SA even though for the same peer.
But how do you make that work for connect()ed UDP sockets? Or perhaps
we should say that connect()ed UDP sockets don't have channel bindings,
use IPsec APIs instead of connected UDP socets. I'd be willing to live
with that.
Nico
--
More information about the ANONSEC
mailing list