[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: My current thoughts on IPSEC

To: "Housley, Russ" <housley@spyrus.com>
Subject: Re: Re[2]: My current thoughts on IPSEC
From: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>
Date: Fri, 20 May 94 08:27:10 -0400
Cc: ipsec@ans.net
In-Reply-To: Your message of "Thu, 19 May 94 21:24:10." <9404197694.AA769407850@uu0892.spyrus.com>

Russ,

From:  "Housley, Russ" <housley@spyrus.com>
Encoding:  1299 Text
To:  dee, ipsec@ans.net, atkinson@itd.nrl.navy.mil
>
>Donald and Ran:
>
>> ...  Also, it might >be useful to indicate that the SAID might be
>> directional (e.g. A-->B >uses SAID 1 and B-->A uses SAID 5)
>> because this eliminates the need >for direction bits.
>
>The direction of the datagram is not authenticated in this approach.  
>When the same key is used to protect traffic from A to B and from B to 
>A, then a mechanism is needed to ensure that an attacker does not simply 
>swap the from and to addresses.  The SAID suggestion does not provide 
>sufficient protection.  With this approach, the attacker simply swaps 
>the addresses and changes the SAID.  After watching one datagram in each 
>direction, the attacher will have all of the information necessary to 
>"reflect" the traffic back to the originator.

I think the simplest answer is not to use the same key for both
directions.

>There must be some indication of direction which is cryptographically 
>protected with the datagram.
>
>
>> I also included an optional time stamp so you need a bit to say
>> if it is present or not.  This bit and time stamp could have been
>> in the clear or encyrpted header.  They need to be authenticated
>> but there is no need to encyrpt the time stamp.  If present, its
>> just the "current" time.
>
>How is the timestamp used?  I do not see how these are authenticated?  What 
>security service do they provide?

In my PIPS proposal, the time stamp, along with the black flags, is
included in the calculation of the authentication tale.  If present it
is supposed to be set to the current time by the sender so the
receiver can reject old messages.  Receivers are not required to
implement it and can ignore time stamps.  When designing my packet
layout, I tried to make fixed length fields, like the time and true
source and destination addresses, optional fields whose presence is
indicated by an option bit in the one byte each of black and red
flags, and put variable length things like certificates or labels or
OIDs for algorithms as self delimiting items in the variable length
options structures.

>Russ

Thanks for your comments,
Donald

References:

Re[2]: My current thoughts on IPSEC

From: "Housley, Russ" <housley@spyrus.com>

Prev by Date: Re[2]: My current thoughts on IPSEC
Next by Date: Re: Tunnel Establishment Protocol II
Prev by thread: Re[2]: My current thoughts on IPSEC
Next by thread: Re: Re[2]: My current thoughts on IPSEC
Index(es):
- Main
- Thread