[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
A question/comment on how the SPI is used
-----BEGIN PGP SIGNED MESSAGE-----
[ To: IPSec discussion list ## Date: 10/25/96 09:14 am ##
Subject: A question/comment on how the SPI is used ]
As I understand it, the SPI is used in ESP to make sure that both
the sender and receiver are using the same set of security
parameters. I was curious why, when we do authentication, we don't
include the hash of those security parameters (this isn't included
in the packet, just in the MAC computation). This seems like it
would make it much harder for some flaw in an individual
implementation (or in parameter negotiation) to allow the sender and
reciever to get out of synch in these parameters. If they don't
have identical parameters, then the MAC no longer verifies properly.
This seems to transform a lot of potentially very hard-to-spot flaws
into very visible ones.
Is there a reason this sort of thing is a bad idea? It shouldn't
add much processing overhead--hash the parameters once, and then
add 20 bytes (for SHA) to the data to be MACed. Most of the time,
this doesn't lead to even one more compression function call for the
hash function.
--John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMnG7pEHx57Ag8goBAQGdpAQAlDmhxv40CH3QYEq0csizOQ8+bBpsn6I1
EibzkR/ZEigOF0tIeauC+nU3rz9HcvG/IcOSAz2nc9oE6c+HaZ0u5iYF5ly7E6uK
zKpN8nKnheTXPJE3CiDOZSKesIkk3SeucpG4OiEO9Ok/y1cGadejTlwfImCaWgm4
9Qiaa70kV/4=
=vJnw
-----END PGP SIGNATURE-----