
Sequence Number field for manually configured SAs



I am confused on how the Sequence Number field for ESP should be handled
for manually configured SAs, especially with respect to implicit IVs.
The latest ESP draft, draft-ietf-ipsec-esp-v2-00.txt (dated 21 July 1997),
contains the following two passages:

   2.2  Sequence Number

      ...

      The Sequence Number is mandatory.  It is always included in an ESP
      packet, to ensure alignment of the Payload field on an 8-byte
      boundary (in support of IPv6).  Even if authentication is not
      selected as a security service for the SA, or if ESP is employed in
      an IPv4 environment, this field MUST be present.
   
      Processing of the Sequence Number field is at the discretion of the
      receiver, i.e., the sender MUST always transmit this field, but the
      receiver need not act upon it (see the discussion of Sequence Number
      Verification in the "Inbound Processing" section below).


   5.  Conformance Requirements
   
      ......................  If the key used to compute an ICV is manually
      distributed, correct provision of the anti-replay service would
      require correct maintenance of the counter state at the transmitter,
      until the key is replaced, and there likely would be no automated
      recovery provision if counter overflow were imminent.  Thus a
      compliant implementation SHOULD NOT provide this service in
      conjunction with SAs that are manually keyed.


Based on these passages, one could assume that for manual SAs you should
send the Sequence Number field in the ESP but do not increment any
counters (to avoid the rollover of the field).

The latest ESP DES-CBC transform draft, draft-ietf-ipsec-ciph-des-derived-00.txt
(dated July 1997), contains the following passage:

   5.1.  ESP Sequence Number

      The Sequence Number is a 32-bit (4 byte) unsigned counter.  This
      field protects against replay attacks, and may also be used for
      synchronization by stream or block-chaining ciphers.

      When configured manually, the first value sent SHOULD be a random
      number.  The limited anti-replay security of the sequence of
      datagrams depends upon the unpredictability of the values.


This passage leads me to believe that for manually configured ESP SAs,
one should initialize the Sequence Number field to a random number,
increment the field for each subsequent packet, and not worry about
the rollover of the field.

Which interpretation is correct?  I assume the same interpretation would
also apply to the handling of the Sequence Number field in the manually
configured AH SAs.

Steve Klein
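To make the two readings concrete, here is an added example in Python (mine, not code from either draft or from the poster): a sender-side 32-bit Sequence Number counter for a manually keyed SA, started at a random value as the transform draft suggests, alongside a receiver-side anti-replay window of the kind the ESP draft leaves to the receiver's discretion. The window size of 64 and the near-overflow starting value passed to `simulate` are assumptions.

```python
import secrets

SEQ_MODULUS = 1 << 32  # the ESP Sequence Number is a 32-bit unsigned counter


class EspSender:
    """Sender-side Sequence Number state for one SA (constructed example)."""

    def __init__(self, initial=None):
        # Manual SA, per the transform draft: the first value SHOULD be random.
        self.seq = secrets.randbelow(SEQ_MODULUS) if initial is None else initial
        self.wrapped = False  # set once the counter rolls over to 0

    def next_seq(self):
        value = self.seq
        self.seq = (self.seq + 1) % SEQ_MODULUS
        if self.seq == 0:
            self.wrapped = True  # an automated SA would rekey here; a manual one cannot
        return value


class AntiReplayWindow:
    """Receiver-side sliding window, the optional check the ESP draft leaves to
    the receiver's discretion. The window size (64) is an assumption."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap, self.started = size, 0, 0, False

    def accept(self, seq):
        """Return True if seq is new and inside the window, updating state."""
        if not self.started:
            self.top, self.bitmap, self.started = seq, 1, True
            return True
        if seq > self.top:  # advance the window; bit 0 marks the new top
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq  # bit i of bitmap marks (top - i) as already seen
        if offset >= self.size or self.bitmap & (1 << offset):
            return False  # too old (e.g. the counter wrapped), or a duplicate
        self.bitmap |= 1 << offset
        return True


def simulate(start, count, verify=True):
    """Send `count` packets from a counter starting at `start`; return the
    receiver verdicts (True = accepted) and whether the counter wrapped."""
    sender, window, verdicts = EspSender(start), AntiReplayWindow(), []
    for _ in range(count):
        seq = sender.next_seq()
        verdicts.append(window.accept(seq) if verify else True)
    return verdicts, sender.wrapped
```

Running `simulate(SEQ_MODULUS - 2, 4)` shows that once the counter wraps, a receiver that does verify the field rejects every later packet, while a receiver that ignores it (`verify=False`) keeps accepting them; that is the gap section 5 of the ESP draft describes.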

