
cookies



Hi

Karn's suggested method for creating the cookie is to 
perform a fast hash over the IP source and destination 
addresses, the UDP source and destination ports and a
locally generated secret random value.

ISAKMP requires that the cookies be unique for each 
establishment to help prevent replay attacks; therefore
the date and time must be added to the information 
added.
[from pages 20, 21 of ISAKMP draft]
It also says the cookie is an anti-clogging token.

In ISAKMP Header Processing:

WHEN WE CREATE an ISAKMP message: create respective cookie

WHEN WE RECEIVE an ISAKMP message: verify the initiator and
responder cookie...
[from pg 57 of ISAKMP draft]

1) How does the cookie act as an ACT and prevent
REPLAY?
2) How do we verify the cookies?
 
-thanks in advance
-ramana
******************************************************************
* SrinivasRao. B. Kulkarni                                       *
* Rendezvous On Chip Pvt Ltd.                                    *
* First Floor, Plot No. 14,                                      *
* NewVasaviNagar, Kharkhana,                                     *
* SECUNDERABAD - 500015.                                         * 
* INDIA                                                          *
* Ph : (040) 7742606, 7740406                                    *
* email address : srinu@trinc.com                                *
******************************************************************
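
Added example (not part of the original message, and not code from the ISAKMP draft): one way a responder can create and later check a cookie built from the inputs listed above. HMAC-SHA-256 stands in for the fast hash, the date and time input is assumed to be a 60-second counter so the cookie can be recomputed rather than stored, and the function names and the addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import socket
import struct

COOKIE_LEN = 8            # ISAKMP cookies are 8 octets
WINDOW = 60               # assumed time granularity in seconds
SECRET = os.urandom(32)   # locally generated secret random value


def make_cookie(src_ip, dst_ip, src_port, dst_port, now, secret=SECRET):
    """Hash the IP addresses, UDP ports and a time value under the secret."""
    bucket = int(now) // WINDOW
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HHQ", src_port, dst_port, bucket))
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]


def verify_cookie(cookie, src_ip, dst_ip, src_port, dst_port, now,
                  secret=SECRET):
    """Recompute for the current and previous window, compare in constant time."""
    for t in (now, now - WINDOW):
        expected = make_cookie(src_ip, dst_ip, src_port, dst_port, t, secret)
        if hmac.compare_digest(cookie, expected):
            return True
    return False


def demo(t0=1_000_000):
    # Constructed sample peers (documentation address ranges), UDP port 500.
    peer, me = "192.0.2.10", "198.51.100.7"
    cookie = make_cookie(peer, me, 500, 500, t0)
    return {
        # Peer echoes the cookie from the address it was issued to: accepted.
        "same_peer": verify_cookie(cookie, peer, me, 500, 500, t0 + 30),
        # Same cookie arriving from another source address: rejected, so a
        # sender that never received the reply cannot trigger costly work.
        "other_source": verify_cookie(cookie, "203.0.113.5", me, 500, 500, t0 + 30),
        # Cookie from an old exchange replayed after the window: rejected.
        "replayed_late": verify_cookie(cookie, peer, me, 500, 500, t0 + 2 * WINDOW),
    }


if __name__ == "__main__":
    print(demo())
```

This version handles IPv4 addresses only, since it packs them with inet_aton.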