
Re: Bellovin's attack and others like it



Avi, I don't know how other implementations do it. In our (IBM) implementation,
we don't mark a packet. Rather, we use a policy which exempts messages sent
by key mgmt engines from encryption/authentication. These messages can be
identified by a reserved UDP port number. In this sense, there is no special
mark on a key mgmt message. If the message is delivered to the correct port
on the receiving end, then the process listening on the port should be able
to handle the message. If the message is not delivered to the right port,
then the key mgmt protocol must be able to handle this situation. This is like
an eavesdropping attack.

Regards, Pau-Chen

>
> Now, I have a totally different question. At the IETF in
> Danvers, I asked many people that are implementing key
> management, how do you do key management over IP when your
> policy indicates that all IP traffic must be encrypted?
> The answer I got from everyone is that you somehow mark
> the key management packets so that they are allowed. Doesn't
> that violate the independence of the layers in the network?
> If I can mark packets as regular IP or key management IP,
> where do I do this marking? In the kernel? Nobody I talked
> to has actually implemented key management, encapsulation
> and a policy. Shouldn't there be something in the standard
> that mandates or recommends how to achieve all three?
>
> Avi Rubin
>
> *********************************************************************
> Aviel D. Rubin                       Email: rubin@faline.bellcore.com
> Bellcore (MRE-2M354)  ftp://thumper.bellcore.com/pub/rubin/rubin.html
> 445 South St.
> Morristown,  NJ  07960                         Voice: +1 201 829 4105
> USA                                            FAX:   +1 201 829 2645

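The policy Pau-Chen describes, written out as an added example (this is not IBM's code and not taken from the thread): a minimal security policy database lookup in which every packet must be protected except UDP datagrams whose local-side port is the reserved key-management port. The port number 500, the Packet/Action names, and the sample packets are my assumptions; the message gives no port number.

```python
"""Policy-based exemption of key-management traffic by reserved UDP port.

Added example, not IBM's implementation. Models the rule from the message:
no packet is marked; instead the policy lookup bypasses encryption and
authentication for datagrams to or from the key-management engine, which is
recognised by a reserved UDP port. KEY_MGMT_PORT = 500 is an assumption
(the message does not give a number).
"""
from dataclasses import dataclass
from enum import Enum


KEY_MGMT_PORT = 500  # ASSUMPTION: reserved UDP port used by the key mgmt engine


class Action(Enum):
    PROTECT = "protect"  # outbound: must be sent under ESP/AH
    BYPASS = "bypass"    # key-management exemption: pass in the clear
    ACCEPT = "accept"    # inbound: arrived protected, deliver normally
    DISCARD = "discard"  # inbound cleartext for a port policy says is protected


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "udp", "tcp", "icmp", ...
    sport: int = 0
    dport: int = 0
    protected: bool = False  # True if the packet arrived under ESP/AH


def is_key_mgmt(pkt: Packet, direction: str) -> bool:
    """Recognise key-management datagrams by the reserved port on the LOCAL
    side: outbound ones are sent from it, inbound ones are delivered to it.
    Matching the remote port alone would let any peer bypass policy for any
    service simply by choosing that source port, so it is not used."""
    if pkt.proto != "udp":
        return False
    local_port = pkt.sport if direction == "out" else pkt.dport
    return local_port == KEY_MGMT_PORT


def decide(pkt: Packet, direction: str) -> Action:
    """Policy: all IP traffic is protected except key-management datagrams.

    direction is "out" for packets leaving this host, "in" for arrivals.
    """
    if direction not in ("out", "in"):
        raise ValueError("direction must be 'out' or 'in'")
    if is_key_mgmt(pkt, direction):
        # Delivered in the clear to the key mgmt engine; that engine's
        # protocol must itself cope with forged or replayed input.
        return Action.BYPASS
    if direction == "out":
        return Action.PROTECT
    # Inbound: anything else must already have been protected on the wire.
    return Action.ACCEPT if pkt.protected else Action.DISCARD


def demo():
    """Constructed sample packets (not captured traffic) run through the policy."""
    local, peer, other = "10.0.0.1", "10.0.0.2", "10.0.0.9"
    cases = [
        ("key mgmt request out", Packet(local, peer, "udp", KEY_MGMT_PORT, KEY_MGMT_PORT), "out"),
        ("key mgmt reply in (clear)", Packet(peer, local, "udp", KEY_MGMT_PORT, KEY_MGMT_PORT), "in"),
        ("clear UDP from port 500 to DNS", Packet(other, local, "udp", KEY_MGMT_PORT, 53), "in"),
        ("SMTP out", Packet(local, peer, "tcp", 40000, 25), "out"),
        ("SMTP in under ESP", Packet(peer, local, "tcp", 25, 40000, protected=True), "in"),
        ("SMTP in cleartext", Packet(peer, local, "tcp", 25, 40000), "in"),
    ]
    return [(name, decide(pkt, d)) for name, pkt, d in cases]


if __name__ == "__main__":
    for name, action in demo():
        print(f"{name:32s} -> {action.value}")
```

The check is on the local side's port (source for outbound, destination for inbound), so a remote peer cannot use the exemption to reach some other service in the clear just by sending from the reserved port. Cleartext that does reach the key-management port is delivered, and from then on it is the key-management protocol's job to survive forged, replayed or observed messages, which is the situation the message compares to an eavesdropping attack.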