
To: cipe-l,AT,inka,DOT,de
Subject: remote peer shutdown when using pkcipe
From: Tom Mander <tom,AT,proximity,DOT,com,DOT,au>
Date: Wed, 23 Jun 2004 19:15:56 +1000
Organization: Proximity Corp

We use pkcipe for several temporary VPNs from remote sites that are temporary in nature, and I noticed that even with the addition of pkcipe, the basic behaviour of cipe shutdown has not changed. I think perhaps it should.

In basic cipe operation, there are cogent reasons for the remote cipe end to stay up, even when one end goes down - the persistent key/port/options of conventional cipe make it possible/likely that another incoming UDP session may connect.

However, with the more session oriented pkcipe, there will by definition not be any other session connecting with the same key/port parameters. Keeping the interface up (which is done just prior to replacing it with the interface for the new session) has no value, and perhaps is an opportunistic potential security opening (albeit diminishingly small).

There is a CT_KILL mechanism in the protocol - perhaps when started up with pkcipe, a command line flag could be used to set a mode (and perhaps there is value in making it a general option for other circumstances too) whereby, instead of just printing out a debug message when the remote peer shuts down, it sends a CT_KILL to cause a shutdown of the remote end.

What do people think?
