[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A pothole in ISAKMP/Oakley

To: canetti@watson.ibm.com
Subject: Re: A pothole in ISAKMP/Oakley
From: ho@earth.hpc.org (Hilarie Orman)
Date: Tue, 15 Apr 1997 09:50:44 -0400
Cc: ipsec@tis.com, carrel@ipsec.org, dharkins@cisco.com, pau@watson.ibm.com
In-reply-to: Yourmessage <199704150414.VAA27630@baskerville.CS.Arizona.EDU>
Sender: owner-ipsec@ex.tis.com

The basic problem was noted in January, and the fragility of the use
of the SPI was also noted then.  My preference is to include a state
variable with SKEYID that is an instance number; the state variable
gets incremented every time keying material is generated, and the
keying material depends on the variable.

I will note, however, that if the SPI's are pseudo-randomly generated,
as is required by the spec, then the probability of using the same SPI
twice should be extremely low.  So the implementations that revealed
this problem were defective.

Hilarie

Follow-Ups:

Re: A pothole in ISAKMP/Oakley

From: Dan.McDonald@Eng.sun.com (Dan McDonald)

Another pothole in ISAKMP/Oakley

From: "David P. Jablon" <dpj@world.std.com>

Prev by Date: Re: ESP with stream ciphers
Next by Date: Re: ESP with stream ciphers
Prev by thread: A pothole in ISAKMP/Oakley
Next by thread: Re: A pothole in ISAKMP/Oakley
Index(es):
- Main
- Thread