
Re: Minor Security issues regarding Kb rekeying



> For IPSEC SAs:

> Suppose an IPSEC SA with a lifetime of 1000Kb was established
> between two peers.  Alice encrypts 1000Kb of data using this SA but
> only 900Kb of encrypted data reach Bob.  Eve has now 1000Kb of
> encrypted data and can, after cracking the SA's keys, transmit data to
> Bob who thinks this SA is still valid.

The comments about explicit SA deletes being the answer here are part
of the story.  However, I think that this is one of the places
where a margin of safety comes into play...  if the algorithm is
crackable in near-real-time with ~900kb of traffic, the per-key limit
should be much smaller than ~1000kb.

Also, if you're trying to make a marginal/weak algorithm "safe" to use
to secure real-time communications which don't have to be secret
forever, you clearly want to use both Kb and time limits on the SA.

					- Bill
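
The counter mismatch discussed in this thread, as an added example that is not part of the original message: a small Python model of two peers that each enforce an SA lifetime locally. The class and function names, the loss pattern, and treating "Kb" as 1024-byte units are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

KB = 1024  # assumption: the thread's "Kb" modelled as 1024-byte units


@dataclass
class SaEndpoint:
    """One peer's local view of an SA (hypothetical model, not a real IKE stack)."""
    kb_limit: int                  # hard lifetime in Kb
    time_limit: Optional[float]    # hard lifetime in seconds, None = no time limit
    created: float = 0.0
    bytes_seen: int = 0
    deleted: bool = False          # set when an explicit SA delete is processed

    def account(self, nbytes: int) -> None:
        self.bytes_seen += nbytes

    def valid(self, now: float) -> bool:
        if self.deleted:
            return False
        if self.bytes_seen >= self.kb_limit * KB:
            return False
        if self.time_limit is not None and now - self.created >= self.time_limit:
            return False
        return True


def simulate(time_limit: Optional[float] = None,
             send_delete: bool = False,
             check_at: float = 120.0):
    """Alice sends 1000 Kb; every tenth packet is lost (constructed pattern).

    Returns (alice_valid, bob_valid, kb_counted_by_bob) at time check_at.
    """
    alice = SaEndpoint(1000, time_limit)
    bob = SaEndpoint(1000, time_limit)
    for i in range(1000):
        alice.account(KB)          # sender counts everything it encrypts
        if i % 10 != 9:
            bob.account(KB)        # receiver only counts what arrives
    # Explicit delete: the sender tells the receiver once its own limit is hit.
    if send_delete and not alice.valid(check_at):
        bob.deleted = True
    return alice.valid(check_at), bob.valid(check_at), bob.bytes_seen // KB


if __name__ == "__main__":
    print("Kb limit only:      ", simulate())
    print("Kb + 60 s limit:    ", simulate(time_limit=60.0))
    print("Kb + explicit delete:", simulate(send_delete=True))
```

With only the Kb limit, the receiver still accepts the SA after the sender has expired it; either the time limit or the explicit delete closes that gap in this model.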

