[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: End to End integrity (was 4 byte vs 8 byte IVs for DES)

To: karn@qualcomm.com
Subject: Re: End to End integrity (was 4 byte vs 8 byte IVs for DES)
From: "Perry E. Metzger" <perry@imsi.com>
Date: Mon, 19 Dec 1994 21:52:44 -0500
Cc: ipsec@ans.net
In-Reply-To: Your message of "Mon, 19 Dec 1994 17:34:17 PST." <199412200134.RAA03111@unix.ka9q.ampr.org>
Reply-To: perry@imsi.com


Phil Karn says:
> I haven't thought as much about multicast, but it seems to me there's
> not much you can do to protect against a rogue member who already has
> the session key. Other than rekeying to exclude him, of course.

The problem is, in my mind, that someone OUTSIDE the group can switch
around headers on you without needing the key. The SAID is shared by
all members of the multicast group so anyone outside the group could
swap source addresses at will.

This is not necessarily a horrible opening, but we ought to consider
the consequences of not authenticating the addresses carefully. Just
because we can't think of attacks to exploit this offhand doesn't mean
that a clever attack might not be out there. That doesn't mean we
should adopt a pseudoheader approach, but I think we shouldn't be too
hasty on this point.

.pm

References:

Re: End to End integrity (was 4 byte vs 8 byte IVs for DES)

From: Phil Karn <karn@unix.ka9q.ampr.org>

Prev by Date: Re: End to End integrity (was 4 byte vs 8 byte IVs for DES)
Next by Date: Re: Size of IV field in DES-CBC mode
Prev by thread: Re: End to End integrity (was 4 byte vs 8 byte IVs for DES)
Next by thread: Re: Address as IV [was] Size of IV field in DES-CBC mode
Index(es):
- Main
- Thread