
Re: A pothole in ISAKMP/Oakley



>  Also, it is possible to run a pseudo-random generator once, and use the
>  new random value as SPI for both ESP and AH (since the spec also says they
>  have separate SPI-spaces, see section 2.1 of ISAKMP draft 7). Is this
>  broken?
>  I guess it is a border-line case.

The requirement for pseudo-random SPIs was not motivated by key management
concerns, but rather to protect against denial of service attacks, I thought.

> Will it interop, I think so.

I didn't realize that the IETF had strict constructionists!

Hilarie