On Mon, 31 Aug 2020, Michael Richardson wrote:
Tero Kivinen <kivi...@iki.fi> wrote:
> Normally the ticket is encrypted with key that is changed every time
> the server configuration changes, which means changing the server
> configuration will invalidate all tickets.
This is probably a rather bad thing.
In many cases there is a single configuration "template" which applies to all
users who authenticate with a certificate from a certain CA, or with a login
matching some pattern.
In order to store the configuration serial number, on a per-user basis, then
some state is created a per-user basis. This does not sound like a horrible
thing to me, but it is probably something new.
What we did for libreswan was to add a connection serial number and
place this in the encrypted ticket. So if the ticket is presented, the
connection serial is looked up. If it does not exist, the ticket is
invalid. Whenever the connection template is reloaded, meaning the
connection configuration could have changed, the serial number is
changed. This ensures that a reloaded connection on server invalidates
all issued tickets.
We are planning to use an encryption key that is generated every once in
while (prob 24h) and we will keep the last replaced key around for a
little while as well. We are still looking at the best working lifetimes
and how we will interact these with ike lifetime, ipsec lifetime and
re-authentication lifetime.
If one keeps the parent SA around, then one has some state in which to store
per-user data.
If you keep that around on the server in a dormant state, you will
quickly connect too many of these when you have thousands of clients
continuously reconnecting. And a lot of lookups to delete these old
IKE SA's when the client has started a new one without resumption. I
don't see a use case for this, provided an errata clarifies the liveness
triggered server deletes and the client suppresses deletes when it has
a ticket to resume and its state says it should remain up.
Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
