[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: replay attacks
> From: Steve Kent <kent@BBN.COM>
> If you reread my recent message on this topic, you'll find
> that I changed my mind about sequence numbers not based on the
> rationale put forth by the swipe proponents, but as an anti-replay
> countermeasure in the context of denial of service attacks. So, yes,
> I did change my mind, but I did not do so because I "saw the light"
> in the arguments put forth by the original proponents.
>
That's certainly odd.... To quote SwIPe:
Packet sequence number
This field protects against replay attacks and may also be used
for synchronization by a stream cipher. It is unique within
the context of an endpoint pair (common source/destination
address and Policy identifier). It is incremented by one with
every packet sent, and initialized whenever the hosts
re-negotiate keys and/or policies.
The hosts MUST renegotiate crypto variables before the packet
sequence number wraps around. A host MUST NOT accept duplicate
packets; this may be achieved by only accepting packets which
increment the sequence number, or maintaining a small window
of acceptable packet numbers.
Seems to me that was the _main_ rationale; perhaps you just forgot.
> ... I worry that the current definition for AH is
> rather schizophrenic in terms of what data is covered by the
> authenticity/integrity check. It would be much cleaner if AH always
> covered a whole IP datagram.
Huh? It _does_ always cover the whole datagram!
Bill.Simpson@um.cc.umich.edu
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2
Follow-Ups: