
Re: replay attacks



At 08:51 PM 9/13/95 -0400, Theodore Ts'o wrote:
>   From: smb@research.att.com
>   Date: Wed, 13 Sep 95 19:53:05 EDT
>
>   The sequence number must be big enough that no packet using it can
>   be replayed during the lifetime of a key.  32 bits is demonstrably
>   insufficient; if my arithmetic is right, at FDDI speeds such a counter
>   would cycle in just a few hours.  48 bits would suffice, though if
>   line speeds get much above 10 gigabits/second we may have to cut our
>   key lifetime a bit.
>
>At the risk of having people who worry about low speed lines run out and
>lynch me (although I could imagine some creative header compression
>algorithms could be done if necessary), would it perhaps be a good idea
>to go to 64 bits for the sequence number?  This has the further
>advantage of keeping things 32-bit aligned, which I thought was
>something that was preferred, at least for IPv6.  For IPv4, of course,
>this isn't an issue.

Can I again make a plea for an ESP + AH + Compression Transform?????

This will be critical in support of IPSP for dialup users.  This could
transform (pun intended) the nature of corporate remote connectivity!

Even if you have to go with a patented compression.  Seems like they are all
patented.  Put the necessary wording in the document.

Just get it done, please????

Hope to see you all at Dallas.

Robert Moskowitz
Chrysler Corporation
(810) 758-8212