[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: replay window
Steve,
Thanks for your note.
> Window negotiation allows for two forms of flexibility. The
>receiver can declare what window size it is willing to deal with, and the
>transmitter can declare what size it thinks might be appropriate, based on
>some knowledge of the type of traffic (e.g., on a per-association basis).
By, "type of traffic," are you referring to non-security concerns (e.g.
allowing for larger windows over associations with known or assumed high
latency)? If so, can you suggest a reasonable algorithm for determining
what replay window size a system might request/require? Or do you think
that this should just be hard-wired to, say, 32 for now, leaving room for
real negotiation in the future should it turn out to be needed?
> Finally, just a nit about your closing comments. The sequence
>number is not always encrypted, and it is not signed. Since ESP now offers
>options for connectionless integrity, anti-replay features, data origin
>authentication, and confidentiality options, one might not encrypt the
>sequence numbers. The defined algorithms for connectionless integrity do
>not currently include signature algorithms, only keyed hash algorithms.
I'm sorry. I meant to say that it was included in an HMAC MD5 digest, not
that it was digitally signed.
I assume you're talking about "big E" ESP here and not the actual combined
transform, which does position the replay field within the encrypted
payload.
Do you agree though that supporting a replay window within the AH or ESP
framework does not necessarily introduce vulnerabilities? A replay counter
that was neither included in a message digest, nor signed, nor encrypted,
would, of course, be vulnerable to denial-of-service attacks and useless
from a security viewpoint. I think we all agree on that...
I'm not necessarily against negotiated replay window size, if it can be
justified or has some added value. The problem I have is with arbitrary
claims that things "increase security" by their mere presence. I do not
think that negotiating a replay window size has any realistic effect on the
security of the specific AH and ESP transforms described in the current
Internet Drafts.
Derrell
References: