[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
draft-ietf-ipsec-ah-md5-00.txt
Ref: Your note of Tue, 17 Jan 1995 10:46:47 -0500 (attached)
> Subject: Re: draft-ietf-ipsec-ah-md5-00.txt
> In-Reply-To: Your message of "Tue, 17 Jan 1995 09:49:45 EST."
> <199501171502.AA20195@interlock.ans.net>
> Reply-To: perry@imsi.com
> X-Reposting-Policy: redistribute only with permission
> Date: Tue, 17 Jan 1995 10:46:47 -0500
> From: "Perry E. Metzger" <perry@imsi.com>
>
>
> hugo@watson.ibm.com says:
> > Just including the length as an authenticated field is NOT enough.
> > To defeat the trivial appending attack on key-prepended MD5 one
> > needs to specify that the length value appears in a FIXED OFFSET
> > from the begining of the information being authenticated (e.g.,
> > it is the first value in that information, or appears starting in
> > byte 8, etc.).
>
> It does. See rfc791 on IP. Total length always occupies the third and
> fourth octet of the IP header.
>
The minimal thing is to explicitely write in the draft that one is relying
on the fixed offset for security; a better thing is not to rely on that
and append the key.
Hugo