
Re: draft-ietf-ipsec-des-md5-00.txt



I think Paul has raised a significant point that may be obvious to some, but is 
not obvious to me and is also not obvious from reading this document or from 
reading Oakley.

Paul@Watson.ibm.com wrote
>    James, I would suggest in the esp-DES-HMAC-RP transform, the source and
>    destination addresses of the IP packet (which will carry the IPSEC payload)
>    be included in the HMAC computation to provide a sense of direction. These
>    addresses do not have to appear in the actual packet transmitted.
> 
>    This is to provide some defense against reflection attacks. I think this
>    is necessary since it is likely the same set of keys will be used in
>    both directions.

I agree that reflection attacks need to be considered. Including the IP address 
is something that seems to be version forward dangerous (IPv7). I would suggest 
that different keys for each direction would be a better way to defend against reflection 
attacks.

My assumption has been that there will be different keys in each direction, 
and...

Bill Sommerfeld wrote:
> All of the proposed key mgmt protocols I've looked at in any detail
> generate different keys (and different SPI's) in each direction.

in reading Oakley again, this did not seem to be discussed.

I would really hope that we do not need to do two complete sets of D-H/RSA to set 
up a FDX connection? 

If Oakley creates one key and the esp is to create a FDX session, then we should 
be deriving 2 sets of keys, one for each direction. This would also require the 
esp to know which end of the connection that it is so that the derivation can be 
inversely symmetrical.

I need some comments here? Hillary?
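
The following is an added example, not part of the original message and not taken from Oakley or the draft: it sketches the per-direction derivation discussed above, where one negotiated secret yields two keys and each end picks send/receive by its role, and compares it with a single shared key when a packet is reflected back to its sender. HMAC-SHA-256 as the derivation function, the label strings, and the `Endpoint` class are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA-256 and these labels are illustrative choices,
# not the derivation defined by Oakley or by the ESP transform draft.
LABEL_I2R = b"initiator-to-responder"
LABEL_R2I = b"responder-to-initiator"
TAG_LEN = 32


def derive(master: bytes, label: bytes) -> bytes:
    """Derive one directional key from the single negotiated secret."""
    return hmac.new(master, label, hashlib.sha256).digest()


class Endpoint:
    """One end of a full-duplex association that knows which role it holds."""

    def __init__(self, master: bytes, is_initiator: bool, directional: bool = True):
        if directional:
            i2r, r2i = derive(master, LABEL_I2R), derive(master, LABEL_R2I)
            # Inversely symmetrical: one side's send key is the other's receive key.
            self.send_key, self.recv_key = (i2r, r2i) if is_initiator else (r2i, i2r)
        else:
            # Weak variant: the same key authenticates both directions.
            self.send_key = self.recv_key = master

    def protect(self, payload: bytes) -> bytes:
        return payload + hmac.new(self.send_key, payload, hashlib.sha256).digest()

    def accept(self, packet: bytes) -> bool:
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.recv_key, payload, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


def demo() -> dict:
    master = bytes(range(32))  # constructed sample secret standing in for the key exchange output
    payload = b"constructed sample payload"
    init = Endpoint(master, is_initiator=True)
    resp = Endpoint(master, is_initiator=False)
    shared = Endpoint(master, is_initiator=True, directional=False)
    packet = init.protect(payload)
    return {
        "delivered": resp.accept(packet),            # normal direction verifies
        "reflected": init.accept(packet),            # bounced back to sender: rejected
        "shared_key_reflected": shared.accept(shared.protect(payload)),  # accepted
    }


if __name__ == "__main__":
    print(demo())
```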

