[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A pothole in ISAKMP/Oakley
> From ho@earth.hpc.org Tue Apr 15 14:32:44 1997
> Date: Tue, 15 Apr 1997 14:23:33 -0400
> From: ho@earth.hpc.org (Hilarie Orman)
> Message-Id: <199704151823.OAA04580@earth.hpc.org>
> To: pau@watson.ibm.com
> Cc: Dan.McDonald@Eng.Sun.COM, canetti@watson.ibm.com, ipsec@tis.com
> In-Reply-To: Yourmessage <9704151748.AA23438@secpwr.watson.ibm.com>
> Subject: Re: A pothole in ISAKMP/Oakley
> Content-Length: 537
> Status: RO
>
> > Also, it is possible to run a pseudo-random generator once, and use the
> > new random value as SPI for both ESP and AH (since the spec also says
> > they
> > have separate SPI-spaces, see section 2.1 of ISAKMP draft 7). Is this
> > broken ?
> > I guess it is a border-line case.
>
> The requirement for pseudo-random SPI's was not motivated by key management
> concerns, but rather to protect against denial of service attacks, I thought.
You are right. But since Quick Mode Exchange is proteted
(encrypted and authenticated) by the phase 1 ISAKMP SA,
clogging attack should not be a big problem.
Ran's msg is about OAKLEY Quick Mode KEYMAT derivation,
NOT phase 1 main mode.
Regards, Pau-Chen
Follow-Ups: