[cryptography] very little is missing for working BTNS in Openswan

Nico Williams nico at cryptonector.com
Thu Sep 12 15:04:08 EDT 2013


On Mon, Sep 09, 2013 at 10:25:03AM +0200, Eugen Leitl wrote:
> Just got word from an Openswan developer:
> 
> "
> To my knowledge, we never finished implementing the BTNS mode.
> 
> It wouldn't be hard to do --- it's mostly just conditionally commenting out
> code.
> "
> There's obviously a large potential deployment base for
> BTNS for home users, just think of Openswan/OpenWRT.

Note: you don't just want BTNS, you also want RFC5660 -- "IPsec
channels".  You also want to define a channel binding for such channels
(this is trivial).

To summarize: IPsec protects discrete *packets*, not discrete packet
*flows*.  This means that -depending on configuration- you might be
using IPsec to talk to some peer at some address at one moment, and the
next you might be talking to a different peer at the same address, and
you'd never know the difference.  IPsec channels consist of ensuring
that the peer's ID never changes during the life of a given packet flow
(e.g., TCP connection).  BTNS pretty much requires IPsec configurations
of that make you vulnerable in this way.  I think it should be obvious
now that "IPsec channels" is a necessary part of any BTNS
implementation.

Nico
-- 


More information about the cryptography mailing list