[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A pothole in ISAKMP/Oakley

To: ho@earth.hpc.org (Hilarie Orman)
Subject: Re: A pothole in ISAKMP/Oakley
From: Dan.McDonald@Eng.sun.com (Dan McDonald)
Date: Tue, 15 Apr 1997 09:42:43 -0700 (PDT)
Cc: ipsec@tis.com
In-Reply-To: <199704151350.JAA26384@earth.hpc.org> from "Hilarie Orman" at Apr 15, 97 09:50:44 am
Sender: owner-ipsec@ex.tis.com

> I will note, however, that if the SPI's are pseudo-randomly generated,
> as is required by the spec, then the probability of using the same SPI
> twice should be extremely low.  So the implementations that revealed
> this problem were defective.

Hilarie is right.  SPI values must be {pseudo-,}randomly generated, if I
remember the specs correctly.  Implementations that do otherwise are probably
broken.

Dan

Follow-Ups:

Re: A pothole in ISAKMP/Oakley

From: Stephen Kent <kent@bbn.com>

References:

Re: A pothole in ISAKMP/Oakley

From: ho@earth.hpc.org (Hilarie Orman)

Prev by Date: Re: ESP with stream ciphers
Next by Date: Re: A pothole in ISAKMP/Oakley
Prev by thread: Re: A pothole in ISAKMP/Oakley
Next by thread: Re: A pothole in ISAKMP/Oakley
Index(es):
- Main
- Thread