
replay attacks
  I had thought that there was consensus at Danvers (particularly
after Steve Bellovin outlined his active attack) that we ought to have
an ESP transform that combined DES and MD5.  If someone is motivated
and has the time to write up such a transform for the WG to review and
discuss, that would seem useful to me.  I would very probably add such
a transform to the NRL implementation of ESP once it had undergone
review within the WG.

  As to adding sequence numbers to AH, there remain 16 bits of reserved
space in the AH header.  Would it be sensible to have a 16 bit sequence
number there?  If not, then what do folks think the replay attack
detection mechanism should look like?

Ran
rja@cs.nrl.navy.mil

speaking for himself, not as co-chair... :-)
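As an added illustration of what a sequence-number-based replay detection mechanism could look like on the receiving side (this is example code written for this archive page, not part of the message above and not the NRL implementation): a sliding window over a 16-bit sequence number, of the kind later standardized for AH and ESP, paired with a sender-side counter that refuses to wrap. The window size of 64 is an assumption chosen for illustration; the 16-bit width matches the reserved space the message mentions.

```python
# Added example: sliding-window replay detection over a 16-bit sequence number.
# Not from the message or from the NRL ESP/AH code; window size is an assumption.

SEQ_BITS = 16                 # the reserved width discussed in the message
SEQ_MOD = 1 << SEQ_BITS       # 65536 distinct sequence numbers per key


class ReplayWindow:
    """Receiver state: the highest sequence number accepted so far plus a
    bitmap of which of the `size` numbers just below it have been seen.
    A number is accepted once; a repeat inside the window is a replay, and
    anything older than the window is rejected because it cannot be checked."""

    def __init__(self, size=64):
        self.size = size
        self.highest = -1     # nothing accepted yet
        self.bitmap = 0       # bit i set  <=>  (highest - i) already accepted

    def check_and_update(self, seq):
        if not 0 <= seq < SEQ_MOD:
            raise ValueError("sequence number does not fit in %d bits" % SEQ_BITS)
        if self.highest < 0:                      # first packet under this key
            self.highest, self.bitmap = seq, 1
            return True
        if seq > self.highest:                    # newer than anything seen: slide
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1                      # bit 0 now stands for `seq`
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                          # too old to verify: drop
        if self.bitmap & (1 << offset):
            return False                          # already accepted: replay
        self.bitmap |= 1 << offset                # late but genuine: accept once
        return True


class SequenceCounter:
    """Sender state: hands out sequence numbers and stops rather than wrapping,
    so the receiver never sees the same number twice under one key."""

    def __init__(self):
        self.next = 0

    def next_seq(self):
        if self.next >= SEQ_MOD:
            raise OverflowError("16-bit sequence space exhausted; rekey first")
        seq = self.next
        self.next += 1
        return seq


def filter_stream(seqs, size=64):
    """Run a sequence of received numbers through one window; True = accepted."""
    window = ReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed receive order: in-order, a replay, a late arrival, its replay,
    # a big jump, a packet older than the window, and a late-but-verifiable one.
    received = [5, 6, 5, 3, 3, 200, 100, 150]
    for seq, ok in zip(received, filter_stream(received)):
        print("seq %3d -> %s" % (seq, "accept" if ok else "drop"))
```

The window rejects a replayed number without any per-packet memory beyond the bitmap, but only within `size` of the highest number seen; the sender-side counter makes the trade-off of a 16-bit field explicit, since after 65536 packets there is no way to continue without a fresh key.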