
Re: replay attacks



> From: atkinson@itd.nrl.navy.mil (Ran Atkinson)
>   I had thought that there was consensus at Danvers (particularly
> after Steve Bellovin outlined his active attack) that we ought to have
> an ESP transform that combined DES and MD5.

I do not agree.  It was clear that when ESP algorithms do not provide
integrity, then an AH is needed, also.

I have absolutely no interest in a thousand permutations of encryption
and authentication transforms.  Separate ESP and AH suit me just fine!

Combining AH and ESP in one header is yet another case of too many cooks
spoil the soup....

Photuris is quite capable of negotiating a single SPI which generates
both AH and ESP headers in every packet, or separate SPIs for each,
however and whenever needed for implementation policy.


>   As to adding sequence numbers to AH, there remain 16 bits of reserved
> space in the AH header.  Would it be sensible to have a 16 bit sequence
> number there ?
>
Well, swIPe had sequence numbers, and "WG consensus" was to remove them.
Yet another instance where a few good designers were overridden by a
hundred bad ones.  The Steves have now admitted they were wrong....
Hopefully, the rest of you will follow.

The next draft of AH should have sequence numbers.  I hope that you get
the draft ready soon, Ran.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2