Ok, I now see what part of your idea I was (sort of) trying to work around. To
make it clear to everyone, I'll spell out the problem we're trying to address,
and how your idea (with a slight addition on my part) could address it.
What we're talking about is "how would someone take a network that's using the
standard IKE implementation, and convert it into a network that uses IKE+PPKs,
and in a way that doesn't cause a flag day, or prevent negotiations from
happening between nodes while the upgrade is in progress.
The idea is that the network admin goes through the nodes, and upgrades them in
order; in step 0, the nodes are running standard IKE, and in the final step,
they are running the full PPK protocol (and insist on using it). For the
upgrade to be bumpless, we require that any node at step i be able to
communicate (as either initiator or responder) with a node at step i-1, i or
i+1 (assuming, of course, that our security policy allows those two nodes to
communicate).
With your idea, there are three steps (and so the admin would update each node
in the network twice):
- Step 0 is "never use PPKs"; we're running the standard IKE protocol.
- Step 1 is "if we're the initiator, then use PPKs if the responder signaled
support for it"
"if we're the responder, then signal support, and allow the use of PPKs"
- Step 2 is "insist on PPKs (and also signal support if we're the responder)"
The issue I was pondering was "what if the admin wants to update only part of
their network (say, as a test)?". As I understood your proposal, the
PPK_SUPPORT notify was always on if any PPKs were configured; indeed, from a
responder side, it has to be that (because the responder has no other context
to issue it or not). However, from an initiator standpoint, it knows who the
responder is (or, at least, it has to; it's the one that selects which PPK to
use); hence, from the initiator standpoint, the PPK_SUPPORT notify could mean
"I have a PPK that I would like to use with you, are you willing?"
With that proviso, then partial upgrades of the network can work; if an
initiator (in the upgraded portion) talks to a responder in an nonupgraded
section (or in an independently upgraded section), it just notes it doesn't
have a PPK, and so doesn't send the notify (and similarly, if it was the
initiator who wasn't upgraded, the responder performs the standard IKE
protocol, and when the responder gets the identity, it can verify whether or
not it would have expected the initiator to be upgraded).
So, how does that sound?
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
