
Re: Bellovin's and Ashar's attacks
> From: smb@research.att.com
> Matt Blaze suggests that a sliding sequence number, a la the original
> swIPe protocol, is the best solution to the replay attacks.  The
> original objection to the sequence numbering in swIPe -- and I
> concurred with the objectors -- was that either TCP or UDP-based
> services had to deal with replays anyway, so there was no point to
> replicating the mechanism.  The model now is different, and we may wish
> to reopen that discussion.

I tend to favor this approach as well. We need to discuss how
the sequence # will be used; as I recall swIPe used it as an
IV, which wasn't universally accepted. An alternative mechanism
might be to use the sequence # to derive the traffic key somehow,
if one wasn't computing a MAC over the sequence # plus packet.
Other suggestions?

Also we need to discuss fine-grain (per packet) or more coarse-grain 
sequencing (my last I-D discusses one way of achieving the latter).

Regards,
Ashar.
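The message above weighs two uses of a per-packet sequence number: feeding it into key or IV derivation, or covering it with a MAC computed over the sequence number plus the packet. The following is an added example, written for this page and not code from swIPe, the thread's authors, or any I-D; it shows the second option in the form of a receiver-side sliding replay window. The 32-bit sequence header, the 64-entry window, HMAC-SHA-256 as the MAC, and the constructed key and packets are all assumptions made for the illustration. The point it makes that the text only implies: the MAC must be verified before the sequence number is allowed to move the window, otherwise a forged high sequence number could push legitimate packets out of the window.

```python
import hashlib
import hmac
import struct

# Constructed key for the example only; a real SA derives its own traffic key.
KEY = b"example-traffic-key-not-for-production"
WINDOW_SIZE = 64   # assumption: track the 64 sequence numbers below the highest seen
TAG_LEN = 32       # HMAC-SHA-256 digest length


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend a 32-bit sequence number and append a MAC over
    sequence number plus payload, so a replayed or renumbered packet can be
    detected by the receiver."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayWindow:
    """Receiver-side sliding window: each sequence number is accepted at most
    once, modest reordering is tolerated, anything older than the window is
    dropped, and the window only moves on packets with a valid MAC."""

    def __init__(self, key: bytes, size: int = WINDOW_SIZE):
        self.key = key
        self.size = size
        self.highest = -1   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (highest - i) already seen

    def accept(self, packet: bytes):
        """Return (True, payload) or (False, reason)."""
        if len(packet) < 4 + TAG_LEN:
            return False, "truncated"
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Check the MAC first: an unauthenticated sequence number must never
        # be allowed to slide the window.
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC"
        seq = struct.unpack("!I", header)[0]

        if seq > self.highest:
            # New high-water mark: slide the window forward and mark seq as seen.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 0           # everything previously tracked is now too old
            else:
                self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.highest = seq
            return True, payload

        offset = self.highest - seq
        if offset >= self.size:
            return False, "too old"
        if self.bitmap & (1 << offset):
            return False, "replay"
        self.bitmap |= 1 << offset        # late but first-time arrival: accept once
        return True, payload


def demo() -> list:
    """Run a constructed sequence through one window: in-order packets, a
    duplicate, a reordered packet, a packet whose sequence number was
    rewritten, a large jump, and a packet that has fallen out of the window."""
    rx = ReplayWindow(KEY)
    pkts = {i: protect(KEY, i, b"msg%d" % i) for i in range(100)}
    # Renumber packet 6 as 7 without recomputing the MAC (constructed attack input).
    forged = struct.pack("!I", 7) + pkts[6][4:]
    trials = [pkts[0], pkts[1], pkts[1], pkts[3], pkts[2], forged, pkts[90], pkts[3]]
    outcomes = []
    for p in trials:
        ok, info = rx.accept(p)
        outcomes.append(info.decode() if ok else info)
    return outcomes


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The window is the coarse-grain/fine-grain question in miniature: a window of one is strict per-packet ordering, a larger window trades some replay exposure (any unseen number inside it is still accepted once) for tolerance of reordering on the path.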