[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Retransmits in traffic count?

To: <ipsec@lists.tislabs.com>, <akrywaniuk@TimeStep.com>
Subject: RE: Retransmits in traffic count?
From: "Hilarie Orman" <HORMAN@novell.com>
Date: Wed, 11 Aug 1999 16:42:43 -0600
Sender: owner-ipsec@lists.tislabs.com

The identity protection is the only important aspect of the discussion,
but it is not tied to KB lifetime.   The risk factor depends on how
many identities would be exposed by breaking one key.   It is
reasonable to assume that there is enough redundancy in
the plaintext to warrant an exhaustive search, so even one
encrypted exchange makes the key vulnerable, and thus all
the identities encrypted under it.  The volume of data is
irrelevant.  So I'd limit the number of exchanges that involve
identities; that's probably closely related to time, so maybe
it's already covered (and Dan is right about killing the
KB lifetime).

Note also that this only applies to passive attacks; active
attackers can arrange to see the identities with only a little
bit of clumsiness.  The passive scenario seems very
important, though.

I don't see much value in applying weak protections for
adding security to strong methods (e.g. encrypting the
DH exponentials).  I suppose you could argue that sometimes
this will hide errors in implementation or certain kinds
of hardware failures, but implementors should embrace the
concept of "bug transparency."   Errors in security protocols
should be glaringly visible on the wire, so that they can be 
detected and fixed.

Hilarie

Prev by Date: Re: Retransmits in traffic count?
Next by Date: Re: IPsec software implementations for Sun Solaris
Prev by thread: Re: Retransmits in traffic count?
Next by thread: When was last bakeoff - next bakeoff?
Index(es):
- Main
- Thread