Re: Bellovin's and Ashar's attacks
> From: smb@research.att.com
> Matt Blaze suggests that a sliding sequence number, a la the original
> swIPe protocol, is the best solution to the replay attacks. The
> original objection to the sequence numbering in swIPe -- and I
> concurred with the objectors -- was that either TCP or UDP-based
> services had to deal with replays anyway, so there was no point to
> replicating the mechanism. The model now is different, and we may wish
> to reopen that discussion.
I tend to favor this approach as well. We need to discuss how
the sequence # will be used; as I recall swIPe used it as an
IV, which wasn't universally accepted. Alternative mechanisms
might be to use the sequence # to derive the traffic key somehow,
if one wasn't computing a MAC over the sequence # plus packet.
Other suggestions?
Also, we need to discuss fine-grained (per packet) or more coarse-grained
sequencing (my last I-D discusses one way of achieving the latter).
Regards,
Ashar.
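As an added illustration of the mechanism under discussion (this is example code written for this archive page; it is not swIPe's implementation and not code from Bellovin, Blaze or Ashar): a receiver that keeps a sliding window of sequence numbers and computes a MAC over the sequence number plus the packet, which is the third of the alternatives listed above. Everything concrete here is an assumption for the sake of the example: a 32-bit per-packet sequence number carried in clear at the front of the packet, HMAC-SHA-256 as the MAC, a window of `WINDOW` packets, the constructed key, and the rule that sequence number 0 is never sent so that "nothing received yet" is unambiguous.

```python
import hashlib
import hmac
import struct

# Constructed sample key for the example only; not a real traffic key.
KEY = b"\x13" * 16
# Assumed window size in packets (the original discussion fixes no value).
WINDOW = 32
TAG_LEN = 32  # HMAC-SHA-256 output length


def protect(key, seq, payload):
    """Sender side: packet = seq (32-bit, network order) || payload || MAC.

    The MAC covers the sequence number as well as the payload, so an
    attacker cannot re-label an old packet with a fresh sequence number.
    seq must be >= 1; 0 is reserved to mean 'nothing seen yet' at the receiver.
    """
    if seq < 1:
        raise ValueError("sequence numbers start at 1 in this example")
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayWindow:
    """Receiver side: sliding window over per-packet sequence numbers.

    highest is the largest sequence number accepted so far; bit i of
    bitmap is set when sequence number (highest - i) has been accepted.
    A packet is accepted at most once, and only if it is not older than
    the left edge of the window.
    """

    def __init__(self, key, size=WINDOW):
        self.key = key
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def verify(self, packet):
        """Return (True, payload) if accepted, else (False, reason).

        The MAC is checked *before* the window is touched, so forged
        packets cannot slide the window forward and lock out real traffic.
        """
        if len(packet) < 4 + TAG_LEN:
            return False, "short"
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad-mac"

        (seq,) = struct.unpack("!I", header)
        if seq == 0:
            return False, "seq-zero"

        if seq > self.highest:
            # New right edge: slide the window and mark this packet seen.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1          # everything previously seen falls off
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True, payload

        # Packet is at or behind the right edge: out of order or a replay.
        diff = self.highest - seq
        if diff >= self.size:
            return False, "too-old"
        if self.bitmap & (1 << diff):
            return False, "replay"
        self.bitmap |= 1 << diff
        return True, payload


if __name__ == "__main__":
    w = ReplayWindow(KEY, size=8)
    first = protect(KEY, 1, b"hello")
    print(w.verify(first))               # accepted
    print(w.verify(first))               # (False, 'replay')
    print(w.verify(protect(KEY, 20, b"later")))  # accepted, window slides
    print(w.verify(protect(KEY, 12, b"stale")))  # (False, 'too-old')
```

Two points the code makes that the prose leaves implicit: the window state is updated only after the MAC verifies, and the MAC binds the sequence number so the replay check cannot be bypassed by re-numbering a captured packet. The 32-bit counter is not allowed to wrap here; a real design would rekey (or otherwise reset the window) before the sequence space is exhausted.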