Re: Comments on draft-ietf-ipsec-ike-01.txt

["Valery Smyslov" <svan@trustworks.com>]

On 22 Jun 99 at 18:54, Dan Harkins wrote:

> The paper goes on to suggest changing SAi_b in the authenticating
> hash calculation to SAr_b. But this will allow an attacker to modify
> the Initiator's offers and remove certain offers-- for instance the
> offer is [(3DES, group 5, etc) || (CAST, group 5, etc) || (DES, group 1,
> etc)] and it becomes a single offer of [(DES, group 1, etc)].
> 
>   The suggested change is flawed but if the working group thinks this
> attack is serious we can include both SAi_b and SAr_b in the hash
> calculations to prevent this.

Dan, if you are going to change hash calculation, maybe more 
general solution would be Tero Kivinen's proposal for these HASHes to 
be the hash of all packets received/sent so far. It will authenticate 
all auxiliary payloads either. Please, see his message
<199809062326.CAA29797@torni.ssh.fi> to the list  from 7 Sep 1998 for 
details.

>   Dan.

Regards,
Valery.

---

References:

• Re: Comments on draft-ietf-ipsec-ike-01.txt
• From: Jianying Zhou <jyzhou@krdl.org.sg>
• Re: Comments on draft-ietf-ipsec-ike-01.txt
• From: Dan Harkins <dharkins@network-alchemy.com>

---

• Prev by Date: FW: IPsec-implementations for Linux kernel 2.2.*
• Next by Date: Re: draft-ietf-ipsec-notifymsg-00.txt (long)
• Prev by thread: Re: Comments on draft-ietf-ipsec-ike-01.txt
• Next by thread: Re: Comments on draft-ietf-ipsec-ike-01.txt
• Index(es):
  • Main
  • Thread