[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

users and connections

> From: Bob Monsour <rmonsour@hifn.com>
> Can  you explain the wording in the Security Considerations section of your
> drafts:
I'll do my best, albeit Perry wrote most of the Security Considerations,
but it seems reasonably clear to me.

> >   ered cryptographically strong.  In this situation, user or connection
> >   oriented integrity checking is needed [RFC-1826].
> Why "connection oriented"?  I didn't see anything in RFC 1826 about
> connection oriented integrity.

RFC-1826 provides integrity:

   The Authentication Header is a mechanism for providing strong
   integrity and authentication for IP datagrams.  ...

Perhaps you could become more familiar with the Bellovin paper?

The attack described involves mutually suspicious users.  To prevent the
attack, the SPI keying should be on a per user (or for proxying
firewalls, per connection) basis.  Otherwise, the attacking user has
access to the SPI, and can trivially decode the traffic.

> In an IP environment, I would expect
> to see (strong) "connectionless integrity".  Especially since the
> previous sentence mentioned ICMP and UDP, which are not connection
> oriented protocols.
You must be coming from an ISO-speak environment.  IP has the concept of
"datagram", not "connectionless"; connections are the next level up.

Usually, when we talk about "connection", we mean a set of datagrams
with the same IP Source and Destination, and the same port numbers at
the transport layer.  A proxying firewall uses the connection to setup
and distinguish a Security Association.

Also, the Sequence Number field orders datagrams.  That forms a
connection over all the datagrams for the SA, by any definition.

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2