
Modify feature of Change_Message
> From: Hilarie Orman <ho@cs.arizona.edu>
> Imagine A sending two change messages for the same SPI to B.  Each
> message changes the validity-choice method to a different algorithm.
> E replays the first message, and now A and B are out of sync.
> Actually, if one of the messages is lost, it would seem that similar
> trouble would result.
>
The Validity-Choice is pertinent only to that single Change_Message.
Every Change_Message carries a Validity-Choice.  It has no relation to
any SPI.  So, it is not possible to get out of sync:

   Validity-Choice  variable.  A cryptographic hash function is selected
                    from the peer's list of supported Attributes, and
                    used to provide message integrity.

                                ----

   Attribute-Choices
                    variable.  A list of one or more attributes for the
                    Security Association, selected from the list of
                    Attributes sent by the peer.

Instead, let us assume that you _meant_ two different authentication or
encryption Attribute-Choices for the same SPI.  This is not expressly
illegal, although it boggles the mind.  The whole purpose of having
multiple SPI values is to establish such _different_ Security
Associations.  Indeed, it would appear at first examination that a
replay would be possible in that improbably bad implementation.

However, the length of time that such a replay can occur is limited by a
second feature, which is fundamental to Photuris.  The public-values are
changing on a regular basis.  When the public-value changes, the cookies
will no longer match at that party, and the Photuris exchange will begin
again from the cookie exchange.

Ran and NSA asked for the ability to modify attributes on the fly.
Thus, it is a recent addition to Photuris.  If they don't give a better
reason for needing the facility, I would be happy to restrict it again
to adding/deleting entire SPIs.

Or, if they would like, we could restrict it to only certain attributes,
which are individually specified.  So far, there is only one that has
been mentioned as a candidate for modification -- Sensitivity Label.

BTW, as the modify feature is relatively new, that old crufty message
for which you became apologist could not have been referring to it.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
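A constructed Python model of the two points made in the reply above (the Validity-Choice is carried by each Change_Message rather than tied to an SPI, and a public-value rotation makes old cookies stop matching, which bounds how long a replayed Change_Message can be accepted). This is an added illustration, not Photuris wire format or code from the draft; the cookie derivation, the hash attribute names, the attribute strings and the shared session key are assumptions.

```python
import hashlib
import hmac
import secrets

# Hypothetical attribute names for the Validity-Choice hash (not the draft's registry)
HASHES = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}

def _body(cookie, validity_choice, attribute_choices):
    return cookie + validity_choice.encode() + ",".join(attribute_choices).encode()

def make_change_message(cookie, validity_choice, attribute_choices, session_key):
    """Build a Change_Message that carries its own Validity-Choice (per message, not per SPI)."""
    mac = hmac.new(session_key, _body(cookie, validity_choice, attribute_choices),
                   HASHES[validity_choice]).digest()
    return {"cookie": cookie, "validity": validity_choice,
            "attributes": list(attribute_choices), "mac": mac}

class Responder:
    def __init__(self, supported_hashes, session_key):
        self.supported = supported_hashes      # hash attributes this peer offers
        self.session_key = session_key         # assumed already shared with the initiator
        self.secret = secrets.token_bytes(16)  # local secret mixed into cookies
        self.public_value = b""
        self.rotate_public_value()

    def rotate_public_value(self):
        """Public values change regularly; cookies derived from the old value stop matching."""
        self.public_value = secrets.token_bytes(32)

    def cookie(self):
        return hmac.new(self.secret, self.public_value, hashlib.sha256).digest()[:16]

    def accept(self, msg):
        """Accept only if the cookie matches the current public value and the integrity
        check using the message's own Validity-Choice passes."""
        if not hmac.compare_digest(msg["cookie"], self.cookie()):
            return False  # stale cookie: exchange must restart from the cookie exchange
        if msg["validity"] not in self.supported:
            return False
        expected = hmac.new(self.session_key, _body(msg["cookie"], msg["validity"],
                            msg["attributes"]), HASHES[msg["validity"]]).digest()
        return hmac.compare_digest(expected, msg["mac"])

def replay_window_demo():
    """Two Change_Messages for the same SPI with different Validity-Choices, then a replay of
    the first before and after a public-value rotation. Returns the three verdicts."""
    key = b"constructed shared session key"
    b = Responder(["SHA1", "MD5"], key)
    first = make_change_message(b.cookie(), "SHA1", ["SPI=1", "auth=alg-1"], key)   # constructed
    second = make_change_message(b.cookie(), "MD5", ["SPI=1", "auth=alg-2"], key)   # constructed
    fresh = b.accept(first) and b.accept(second)
    replay_before = b.accept(first)   # inside the window: the replay Orman describes succeeds
    b.rotate_public_value()
    replay_after = b.accept(first)    # cookie no longer matches: replay rejected
    return fresh, replay_before, replay_after
```

Within the rotation window the model accepts the replay, which is exactly why the reply calls the replay possible but time-bounded rather than impossible.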