[Openswan Users] Key lifetimes (fwd)

Mike Horn lists at caddisconsulting.com
Mon Oct 23 10:44:40 EDT 2006 

Hi Michael,

Thanks for the explanation, in my experience when an IKE rekey fails you
usually also have a problem with IPsec SA's, but since these lifetimes are
configurable, users can configure these with values that they think are
appropriate.

One quick follow up question, you stated "BTW: there are no "maximums", just
recommendations."  The man  page for ipsec.conf states that the max for
IPsec SA lifetimes is 24 hours and the max IKE lifetime is 8 hours, are
these values incorrect?

keylife       <SNIP> (default 8.0h, maximum 24h). </SNIP>

ikelifetime   <SNIP> (default set by ipsec_pluto(8), currently 1h, maximum
8h) </SNIP>

<< Complete man page entries >>

keylife       how long a particular instance of a connection (a set  of
              encryption/authentication  keys  for user packets) should
              last, from successful negotiation to  expiry;  acceptable
              values are an integer optionally followed by s (a time in
              seconds) or a decimal number followed by m, h,  or  d  (a
              time  in  minutes,  hours, or days respectively) (default
              8.0h, maximum 24h).  Normally, the connection is  renego-
              tiated  (via  the keying channel) before it expires.  The
              two ends need not exactly agree on keylife,  although  if
              they  do  not,  there  will be some clutter of superseded
              connections on the  end  which  thinks  the  lifetime  is
              longer.

ikelifetime   how  long the keying channel of a connection (buzzphrase:
              ''ISAKMP SA'') should  last  before  being  renegotiated;
              acceptable   values   as  for  keylife  (default  set  by
              ipsec_pluto(8), currently 1h, maximum 8h).  The two-ends-
              disagree case is similar to that of keylife.

Thanks for your help.

-mike

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Michael Richardson
Sent: Friday, October 20, 2006 6:22 PM
To: users at openswan.org
Subject: Re: [Openswan Users] Key lifetimes (fwd)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It has been asked why the IKE lifetime is 1hr and the ESP lifetime is 8
hours. BTW: there are no "maximums", just recommendations.

First, let's realize that the difference between them is <1 order of
magnitude, actually 3 powers of 2.  So, if an attacker can break AES in less
than 8 hours using some piece of hardware, using 8 copies of that hardware
they can break your IKE session in less than 1 hour.

There is therefore very little cryptographic reason to think that 1 hour and
8 hours are very different. They are very close. 

So what are the operational reasons behind this?

In the absense of Dead Peer Detection, we will attempt to rekey the IKE SA
every hour. That means, we will attempt to determine if the the two hosts
can still communicate once an hour. This may well fail -- we might have
broken DNS servers, or cached data that is stale, etc. Recall that DNS TTLs
of 7200 seconds are common.

We get 7 chances to rekey the control connection before the IPsec SA dies,
and communication fails.  (Well, actually, if we fail it once we try more
often). Recall that TXT records may provide authorization, and so infact a
phase2 rekey may also fail due to DNS issues. Similar arguments apply to
LDAP. We don't retry a phase 1 when a phase 2 fails, and it might be a
problem in the phase 1 authorization that is preventing the phase 2 from
succeeded.

After 8 hours of communications failures, the important communication fails.
You will notice that part.

If we reversed it, we would find our IPsec SA needing rekeying after an
hour, and we'd try the IKE SA. If it had died, then you are SOL. What would
you do then? Probably kill the SA. If it happens regularly, you'd abandon
IPsec and just go clear.

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls
[
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net
architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device
driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security
guy"); [






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRTloMICLcPvd0N1lAQJU7QgAlIWEzlyR4kgO0g4AJRital/8785DtZTx
yrwmvdVYS+EOmo/mQZXpg1+VtGvihaXVPZP1xrbS6HADp3nNvYKFDWqc/pG0+TnD
clJ8vFYrnQ8aaTsUg3FRNEc/GXMGaQFBpBqPMl/FykUwbDZOEXPdN2ddMbt/W3LI
Ctc8ZBa7hOWk1v260HGS4sidhOxm/pIrFeQ7VD9B0a5/QcuPasRYpfhbYKkReHkT
Cc55ZqTniSudS/ofcmCMpPuFFr19ig5QyIYODRupUBcdpiPMXX74W1tHubOhv82T
l7UoKX1oYonRVFZXB/zl44h5wJPsRVAzBZnCSApdALSZtyXGzwf0mw==
=8j5u
-----END PGP SIGNATURE-----
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list