Re: Bellovin's and Ashar's attacks

[smb@research.att.com]

	 I've been meaning to question this idea of encrypting only the
	 transport data.  It seems pretty innocuous until it leads us
	 to issues such as user-oriented keying.  I'm concerned that
	 this is a case of "creeping featurism" and that it is making
	 the IPSEC objectives too large and too complex.

	 ...

	 Remember also that the most effective security mechanisms
	 typically are the ones that are the simplest and most
	 effectively focussed.

You may be right -- but remember that the attacks we've been talking about
for the last few days are hardest to deal with if one sticks strictly
to network layer concepts.  Ashar's attack -- a simple replay -- is
difficult to counter because the the legitimate user and the enemy
can occupy the same end point at different times.  That is, it's
perfectly reasonable to demand that a higher-level service or protocol
be immune to replays -- but in this case, there are *two* services
occupying the endpoint serially.

Matt Blaze suggests that a sliding sequence number, a la the original
swIPe protocol, is the best solution to the replay attacks.  The
original objection to the sequence numbering in swIPe -- and I
concurred with the objectors -- was that either TCP or UDP-based
services had to deal with replays anyway, so there was no point to
replicating the mechanism.  The model now is different, and we may wish
to reopen that discussion.

---

• Prev by Date: Re: Bellovin's and Ashar's attacks
• Next by Date: Re: Bellovin's and Ashar's attacks
• Prev by thread: Re: Bellovin's and Ashar's attacks
• Next by thread: Re: Bellovin's and Ashar's attacks
• Index(es):
  • Main
  • Thread