Sequence Number field for manually configured SAs
I am confused about how the Sequence Number field for ESP should be handled
for manually configured SAs, especially with respect to implicit IVs.
The latest ESP draft, draft-ietf-ipsec-esp-v2-00.txt (dated 21 July 1997),
contains the following two passages:
2.2 Sequence Number
...
The Sequence Number is mandatory. It is always included in an ESP
packet, to ensure alignment of the Payload field on an 8-byte
boundary (in support of IPv6). Even if authentication is not
selected as a security service for the SA, or if ESP is employed in
an IPv4 environment, this field MUST be present.
Processing of the Sequence Number field is at the discretion of the
receiver, i.e., the sender MUST always transmit this field, but the
receiver need not act upon it (see the discussion of Sequence Number
Verification in the "Inbound Processing" section below).
5. Conformance Requirements
... If the key used to compute an ICV is manually
distributed, correct provision of the anti-replay service would
require correct maintenance of the counter state at the transmitter,
until the key is replaced, and there likely would be no automated
recovery provision if counter overflow were imminent. Thus a
compliant implementation SHOULD NOT provide this service in
conjunction with SAs that are manually keyed.
Based on these passages, one could assume that for manual SAs you should
send the Sequence Number field in the ESP header but not increment any
counter (to avoid the rollover of the field).
The latest ESP DES-CBC transform draft, draft-ietf-ipsec-ciph-des-derived-00.txt
(dated July 1997), contains the following passage:
5.1. ESP Sequence Number
The Sequence Number is a 32-bit (4 byte) unsigned counter. This
field protects against replay attacks, and may also be used for
synchronization by stream or block-chaining ciphers.
When configured manually, the first value sent SHOULD be a random
number. The limited anti-replay security of the sequence of
datagrams depends upon the unpredictability of the values.
This passage leads me to believe that for manually configured ESP SAs,
one should initialize the Sequence Number field to a random number,
increment the field for each subsequent packet, and not worry about
the rollover of the field.
Which interpretation is correct? I assume the same interpretation would
also apply to the handling of the Sequence Number field in the manually
configured AH SAs.
Steve Klein
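To make concrete what the two drafts are talking about, here is an added illustration (not from this post or from either draft) of the two pieces of state involved: the transmitter's counter, which the ESP draft says cannot safely be allowed to overflow under a manual key, and the receiver's anti-replay check, which the draft leaves at the receiver's discretion. The transmitter side starts from whatever initial value the SA is configured with (a random value, per the DES-CBC draft) and refuses to wrap the 32-bit counter; the receiver side is the conventional 64-entry sliding window of the kind used for ESP and AH sequence-number verification. The type and function names (esp_sender_t, sender_next_seq, replay_window_t, window_check_and_update) are my own and assumed for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* --- Transmitter side: the 32-bit ESP/AH Sequence Number counter --- */

typedef struct {
    uint32_t next_seq;   /* value to place in the next packet */
    bool     exhausted;  /* set once the counter would wrap */
} esp_sender_t;

/* initial: for a manual SA the draft says SHOULD be random; for an
 * automated SA RFC-style implementations start at 0 and send 1 first. */
void sender_init(esp_sender_t *s, uint32_t initial)
{
    s->next_seq = initial;
    s->exhausted = false;
}

/* Returns true and stores the Sequence Number to transmit in *seq.
 * Returns false when the counter has reached 2^32-1: with a manual key
 * there is no automated rekey, so the SA must be replaced by hand
 * rather than silently rolling over to a reused value. */
bool sender_next_seq(esp_sender_t *s, uint32_t *seq)
{
    if (s->exhausted)
        return false;
    *seq = s->next_seq;
    if (s->next_seq == UINT32_MAX)
        s->exhausted = true;   /* this was the last usable value */
    else
        s->next_seq++;
    return true;
}

/* --- Receiver side: optional anti-replay sliding window --- */

#define WINDOW_SIZE 64   /* bits in the bitmap; assumed window width */

typedef struct {
    uint32_t last_seq;   /* highest Sequence Number accepted so far */
    uint64_t bitmap;     /* bit i set => (last_seq - i) already seen */
} replay_window_t;

void window_init(replay_window_t *w)
{
    w->last_seq = 0;
    w->bitmap = 0;
}

/* Returns true if seq is new and within the window (and records it);
 * false if it is a replay, older than the window, or the reserved 0. */
bool window_check_and_update(replay_window_t *w, uint32_t seq)
{
    if (seq == 0)
        return false;                       /* 0 is never a valid value */

    if (seq > w->last_seq) {                /* new highest: slide window */
        uint32_t diff = seq - w->last_seq;
        if (diff < WINDOW_SIZE) {
            w->bitmap <<= diff;             /* drop the oldest entries */
            w->bitmap |= 1;                 /* mark seq itself */
        } else {
            w->bitmap = 1;                  /* jumped past the whole window */
        }
        w->last_seq = seq;
        return true;
    }

    uint32_t diff = w->last_seq - seq;      /* seq is at or below last_seq */
    if (diff >= WINDOW_SIZE)
        return false;                       /* too old to judge: drop */
    if (w->bitmap & ((uint64_t)1 << diff))
        return false;                       /* already received: replay */
    w->bitmap |= ((uint64_t)1 << diff);     /* accept and remember it */
    return true;
}

int main(void)
{
    esp_sender_t s;
    replay_window_t w;
    uint32_t seq;

    sender_init(&s, 0xFFFFFFFDu);            /* constructed: 3 values from wrap */
    window_init(&w);
    while (sender_next_seq(&s, &seq))
        printf("sent %u, receiver %s\n", seq,
               window_check_and_update(&w, seq) ? "accepts" : "rejects");
    printf("counter exhausted; manual SA must be replaced\n");
    return 0;
}
```

The transmitter check is the part the ESP draft's conformance text is concerned with: under a manual key nothing can rekey the SA when the counter nears 2^32, so an implementation either stops sending, as above, or must not claim to offer anti-replay at all. The receiver window is what "processing at the discretion of the receiver" refers to; a receiver that does not enforce anti-replay simply never calls it.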