
Re: replay attacks



In message <199509082327.AA24179@interlock.ans.net>, Steve Kent writes:
>It included a replay countermeasure facility.  It might be appropriate
>to revisit that feature and ask whether it has a place in either AH or
>ESP.

	I'm not entirely sure that it does, though it might need to. If
a packet is authentic, it is authentic no matter how many times you get
it so long as it isn't modified. Similarly, if you get an encrypted packet,
as long as it decrypts properly, the encryption/decryption is successful.
I believe that it is intended that ULPs handle replays much as they would
handle normal duplicate packets (usually, this will mean just discarding
them).

>	Unfortunately, if we follow this course, then we might have a
>DES-CBC sub-type, a DES-CBC with integrity subtype, a triple-DES CBC
>w/o integrity subtype, ...  I'm afraid that is a natural outgrowth of
>the current structuring of ESP and its subtypes.  I would rather have
>ESP become a non-trivial payload definition that included these
>facilities as options, so that the sub-types of ESP really were only
>algorithm/mode specific, not algorithm, mode, and other features.
>Perhaps this latter approach can be considered as we gain experience
>with the current versions of AH and ESP.

	I think that the current design is an explicit statement that we
know that we all have a lot to learn here. We're going to have to implement
something and gain experiences with security. Then we can design a better
protocol and repeat the process again.

									-Craig

