
Re: AH/ESP & Replay Protection



> From: daw@cs.berkeley.edu (David Wagner)
> My current view is that a nice way to pass the information to the
> policy engine is using "key K says data D" notation, instead of
> "ip->ip_src says data D".
>
Yes, this is what Karn's code does, too.  He passes the SPI up the
stack, and since the SPI is uniquely maintained by the Destination,
it makes a convenient tag for the policy engine to determine the
validity of the data.  No Source involved at all!


> Then the policy engine (in this view) should base all policy decisions
> on key-based authentication, and never on IP source addresses.  IP
> source addresses would become mainly a convenient "return-address"
> to know where to send responses to, instead of security-critical values.
>
> This is very similar to the approach presented in Lampson, Abadi,
> Burrows, and Wobber's "Authentication in Distributed Systems:
> Theory and Practice."
>
(sigh) Another book to buy?


> IMHO, this viewpoint captures AH's true cryptographic guarantees more
> accurately than a IP-source-addr-based mechanism.
>
An excellent analysis.

My question is: does this mean that it was a waste of time to
authenticate the IP Header, and the other IPv6 Routing Headers and
cruft?  If we don't need to authenticate the Source, is there any reason
that we would care to authenticate the path by which the data arrived?

If the SPI uniquely determines the policy (as I've long advocated),
there would be no need to authenticate the CIPSO labels, either.

The code didn't turn out to be too bad for IPv4, once we agreed to zero
a lot of fields.  But it could be a real simplification for IPng.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
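To make the "key K says data D" receive path discussed above concrete, here is an added Python sketch (not Karn's code and not anything from this thread): the destination-chosen SPI selects the security association, verification under that key is what names the principal, and ip_src is carried along only as a return address. SecurityAssociation, Packet, receive(), policy_allows() and the HMAC-over-AH-fields ICV are assumptions made for illustration, not the real AH format.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed example: a minimal "key K says data D" receive path.
# Assumed names (not from the thread): SecurityAssociation, Packet,
# receive(), policy_allows(). The ICV here covers only the AH fields
# and payload, not the IP header, so policy can ignore ip_src entirely.

@dataclass
class SecurityAssociation:
    key: bytes
    principal: str          # who the key is known to speak for
    last_seq: int = 0       # simple anti-replay: strictly increasing seq

@dataclass
class Packet:
    ip_src: str             # untrusted; used only as a return address
    spi: int                # chosen by the destination, selects the SA
    seq: int
    payload: bytes
    icv: bytes

def compute_icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    msg = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:12]  # truncated ICV

def receive(sadb: dict, pkt: Packet):
    """Return (principal, payload, return_addr) or None.

    The SPI alone selects the SA, because the destination chose it. The
    source address never enters the decision; the principal comes from
    the key that verified the data ("key K says data D").
    """
    sa = sadb.get(pkt.spi)
    if sa is None:
        return None                      # no SA for this SPI
    expected = compute_icv(sa.key, pkt.spi, pkt.seq, pkt.payload)
    if not hmac.compare_digest(expected, pkt.icv):
        return None                      # key K did NOT say D
    if pkt.seq <= sa.last_seq:
        return None                      # replayed or stale sequence number
    sa.last_seq = pkt.seq
    return sa.principal, pkt.payload, pkt.ip_src

def policy_allows(principal: str, payload: bytes) -> bool:
    # Decision keyed on the principal behind the key, never on ip_src.
    return principal == "alice" and payload.startswith(b"GET ")
```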