[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Sequence Number

To: ipsec@tis.com
Subject: RE: Sequence Number
From: Ran Atkinson <rja@inet.org>
Date: Fri, 11 Jul 97 19:24:50 GMT Daylight Time
References: <01BC8DD9.ECEEE4B0@BIGHUGE>
Sender: owner-ipsec@ex.tis.com



> >   Thereafter, the value is monotonically increased for each datagram
> >   sent.  A replacement SPI SHOULD be established before the value
> >   repeats.  That is, no more than 2**32 datagrams SHOULD be sent with
> >   any single key.
> 
> A replace SPI MUST be established before roll over.  More than 2**32 datagrams
> MUST not be sent under a single key.   We've always defined 0 as a replay
> condition.  This goes back the 64 bit sequence number ... event ...  Even
> if the receiver isn't checking the replay field, senders will know when they are 
> going to send more than 2**32 and force a re-key.  

  I'd propose a more precise version of the above, perhaps something like:

	"A replacement IPsec Security Association MUST be established before
	the original IPsec Security Association rolls over its sequence
	number space or otherwise expires.  More than 2**32 IP datagrams
	MUST NOT be sent using the same IPsec SA when anti-replay protection
	is in use.  The replacement IPsec Security Association will, of
	course, have a different SPI than the original IPsec Security
	Association."

	I think perhaps the origin of the WG's confusion is the use of
	the term "rekey".  The process of rekey does not retain an SA
	and merely change the keys.  Rather, the rekey process creates
	an entire new SA to replace the original SA.  Now it might commonly
	be the case that the new SA has nearly all of its attributes 
	(not including SPI or crypto keys) the same as the original SA,
	but it is still a new SA.

	In general, SPIs are just 32-bit opaque numbers used in conjunction
	with the Destination Address to identify an SA.  SPIs do not have
	sequence numbers, keys, or other stuff.  By contrast, an SA does
	contain an SPI, identities, keys, sequence numbers, and other stuff.

	I hope this helps.

	On an unrelated note, I've been reading the bits about covert channels.
	My own take on this would be:
		- The specifications ought not preclude an implementation
		  from providing covert channel protections.
		- The specifications ought not require that all implementations
		  provide such protections.

Ran
rja@inet.org

References:

RE: Sequence Number

From: Rob Adams <adams@cisco.com>

Prev by Date: Comment cutoff! For now.
Next by Date: Re: Sequence Number for streaming ciphers?
Prev by thread: RE: Sequence Number
Next by thread: RE: Sequence Number
Index(es):
- Main
- Thread