[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Notes about identifier - locator separator
Ran,
Pekka Nikander wrote:
The key here is state. If the middle box or the receiver
has state (e.g. a cryptographic key or a communication context),
it can check that the arriving packet indeed contains or
implies a known long lasting identifier, and act accordingly.
However, parties that do not have that state cannot find
out the long lasting identifiers.
> On Sunday, Nov 3, 2002, at 08:26 America/Montreal, Masataka Ohta wrote:
For a receiver to retrieve an appropriate cryptographic key or
a communication context for a packet, a long lasting ID in clear
text, as an index to the long lasting database of key or context,
must be carried by the packet.
RJ Atkinson wrote:
SPIs in ESP/AH are examples of IDs contained in a packet used
as an index to the Security Association state. SPIs are not
normally long-lasting -- typically only valid for the lifetime
of the SA (plus epsilon). Any sane key management strategy
involves changing *session* keys *at least* every 24 hours,
even for very strong cryptographic algorithms.
With all respect, I think that the situation is slightly
more subtle. Let me make a usual Alice and Bob style
example.
1. If Alice and Bob have never communicated before
(and don't have a mutual reference point), the
ID Alice sends to Bob does not carry any information.
Summary: a fresh ID carries no information.
Thus, Alice can choose the ID freely, with the
assumption that Bob will associate some state
with the ID. OTOH, the ID must somehow be communicated,
and it will be vulnerable to discosure, even if
unauthenticated D-H is used.
2. If Alice and Bob have communicated before, Alice
has to send the same ID to Bob so that he can retrive
the afore mentioned state. For privacy reasons she
does not want to send it in clear text. If she has
recorded Bob's PK the issue is trivial, of course, but
let's pretend for a while that PK crypto does not exist
(Ohta-san does not believe in PK.)
Now, if Bob knows Alice only by this long lasting ID and
does not have any short term state with Alice, Alice
basically MUST communicate the ID to Bob so that Bob can
retrieve the state. As far as I understand, that is
what Ohta-san says.
OTOH, he is obviously wrong in stating that the ID must
be send in clear text, even in the absense of PK crypto.
There are other means, as you well know.
Summary: An ID must be communicated if one wants to
refer to it, but it does not need to be communicated
in clear.
--Pekka