
Re: replay window



Steve,

Thanks for your note.

>        Window negotiation allows for two forms of flexibility.  The
>receiver can declare what window size it is willing to deal with, and the
>transmitter can declare what size it thinks might be appropriate, based on
>some knowledge of the type of traffic (e.g., on a per-association basis).

By "type of traffic," are you referring to non-security concerns (e.g.
allowing for larger windows over associations with known or assumed high
latency)?  If so, can you suggest a reasonable algorithm for determining
what replay window size a system might request/require?  Or do you think
that this should just be hard-wired to, say, 32 for now, leaving room for
real negotiation in the future should it turn out to be needed?

>        Finally, just a nit about your closing comments.  The sequence
>number is not always encrypted, and it is not signed.  Since ESP now offers
>options for connectionless integrity, anti-replay features, data origin
>authentication, and confidentiality options, one might not encrypt the
>sequence numbers.  The defined algorithms for connectionless integrity do
>not currently include signature algorithms, only keyed hash algorithms.

I'm sorry.  I meant to say that it was included in an HMAC MD5 digest, not
that it was digitally signed.

I assume you're talking about "big E" ESP here and not the actual combined
transform, which does position the replay field within the encrypted
payload.

Do you agree though that supporting a replay window within the AH or ESP
framework does not necessarily introduce vulnerabilities?  A replay counter
that was neither included in a message digest, nor signed, nor encrypted,
would, of course, be vulnerable to denial-of-service attacks and useless
from a security viewpoint.  I think we all agree on that...

I'm not necessarily against negotiated replay window size, if it can be
justified or has some added value.  The problem I have is with arbitrary
claims that things "increase security" by their mere presence.  I do not
think that negotiating a replay window size has any realistic effect on the
security of the specific AH and ESP transforms described in the current
Internet Drafts.

Derrell
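
The check discussed in this message, as an added example that is not part of the original e-mail: a receiver with a fixed 32-packet replay window whose sequence number is covered by an HMAC-MD5 digest, so the window state only moves on authenticated counters. The packet layout (4-byte counter, payload, 16-byte digest), the class and function names, and the counter starting at 1 are assumptions made for illustration, not the AH/ESP transform formats.

```python
import hashlib
import hmac
import struct

WINDOW = 32   # the fixed size floated in the message; not negotiated here
MAC_LEN = 16  # HMAC-MD5 digest length in bytes


def seal(key, seq, payload):
    """Sender side: the sequence number is part of the HMAC-MD5 input."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.md5).digest()


class ReplayReceiver:
    """Receiver state for one association (hypothetical class)."""

    def __init__(self, key, window=WINDOW):
        self.key = key
        self.window = window
        self.highest = 0  # highest authenticated counter seen so far
        self.bitmap = 1   # bit i set => counter (highest - i) is used; 0 is never valid

    def accept(self, packet):
        """Return 'ok', 'bad-mac', 'replay' or 'too-old'."""
        if len(packet) < 4 + MAC_LEN:
            return "bad-mac"
        body, mac = packet[:-MAC_LEN], packet[-MAC_LEN:]
        # Verify the digest before touching the window: an unauthenticated
        # counter could otherwise push the window forward and lock out
        # legitimate traffic (the denial-of-service case in the message).
        expected = hmac.new(self.key, body, hashlib.md5).digest()
        if not hmac.compare_digest(mac, expected):
            return "bad-mac"
        (seq,) = struct.unpack("!I", body[:4])
        if seq > self.highest:
            # New highest counter: slide the window and mark it as seen.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= self.window:
            return "too-old"      # fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return "replay"       # already accepted once
        self.bitmap |= 1 << offset
        return "ok"               # late but inside the window
```
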

