Re: why is SA lifetime kilobyte limit disabled in racoon?

[Steven Bellovin <smb%cs.columbia.edu@localhost>]

On May 18, 2011, at 10:15 38PM, hsuenaga%iij.ad.jp@localhost wrote:

> Hi Matthias,
> 
> I've heard about one of the problem of supporting life-bytes is
> "when is IPsec-SA marked as used?"
> 
> When Node-A sent a 1500 bytes packet to Node-B, Node-A marked
> IPsec-SA as used and count used-bytes up. But the packet may
> lost. In this case, Node-B can't count used-bytes. Even if
> Node-A think IPsec-SA is expired at this time, Node-B doen't
> think so. i.e. the states of IPsec-SA is mismatched.
> 
> Racoon's strategy of rekeying is "Initiator do it." If Node-B
> is responder, Node-A doesn't start rekeying even if IPsec-SA is
> expired.
> 
> The packet may lost in Internet, and also lost in protocol stacks.
> Works of protocol stacks are implementation issue. So life-byte
> behavior has interoperability problem.
> 
> 
> I don't know this is all of the problem or not...
> I want to know other reasons if someone know it.

While I don't know the precise reason, I will note that byte
count expiration is much less of an issue with AES than with
DES or 3DES.

The problem with DES and 3DES is that they use 64-bit blocks,
which means that you start running into birthday paradox problems
after 2^32 blocks, i.e., 2^35 bytes.  On modern, high-speed nets,
that isn't at all out of the question.  AES, by contrast, uses
128-bit blocks, which raises the threshold to 2^68 bytes, which
is about 7000 years at 10GigE speeds...

                --Steve Bellovin, https://www.cs.columbia.edu/~smb