[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Minor Security issues regarding Kb rekeying

To: "Hilarie K. Orman" <ho@earth.hpc.org>
Subject: Re: Minor Security issues regarding Kb rekeying
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Date: Wed, 02 Dec 1998 14:48:30 -0500
cc: tjenkins@TimeStep.com, ipsec@tis.com, zegman@checkpoint.com
In-reply-to: Your message of "Wed, 2 Dec 1998 14:03:06 -0800 (PST) ." <199812022203.OAA05510@earth.hpc.org>
Sender: owner-ipsec@ex.tis.com

> I've become concerned about a slightly different matter with rekeying.
> Suppose Eve records and jams the Alice-Bob line for the duration of an
> SA use on a TCP connection ... she doesn't like the key.  Bob and
> Alice change to a new SA, according to their preferred schedule.  

Given TCP's behavior (particularly in the presence of slow start), Eve
would get at most a window's full of data, plus a bunch of
retransmitted copies of one segment before Alice stopped
transmitting..  (Hmm. the latter could be used as a potential aid to
cryptanalysis in and of itself..)..

> It's a leap of faith to say that Eve could be in position to prefer
> some keys over others, so this is largely a gedanken concern, but
> still ...

I think algorithms known to have this property are not really suitable
for use with IPSEC..

					- Bill

References:

RE: Minor Security issues regarding Kb rekeying

From: "Hilarie K. Orman" <ho@earth.hpc.org>

Prev by Date: Re: Use IPSEC as SSH replacement
Next by Date: Re: Minor Security issues regarding Kb rekeying
Prev by thread: RE: Minor Security issues regarding Kb rekeying
Next by thread: Re: Minor Security issues regarding Kb rekeying
Index(es):
- Main
- Thread