
Re: anti-replay protection without IKE



The reason manual tunnels are not supposed to do replay protection
is that there is no way to resync the replay counter if
one side goes down.  The spec also specifies that the replay counter
may not roll over to 0.  If there are other rekeying mechanisms to
address these two issues, replay protection is not a problem.

Perhaps some text should be added to the draft so that the reasons
are known and developers can decide if they have an alternate
mechanism for restarting the sequence counters.

Jackie

John Ioannidis wrote:
> >  RFC 2401
> > hints that replay checking shouldn't be done for manual SAs, presumably on the 
> > theory that manual keys are likely to be long-lived.  However, there are 
> 
> I had missed that detail, but the explanation makes no sense.  It's 
> *especially* when we have long-lived keys that we want replay protection!
> 
> On applications with manual keying, or non-IKE keying, maybe we want to
> allow turning off the replay protection, but I feel that it MUST be turned
> on by default.
> 
> > Should (or SHOULD) implementations 
> > permit such applications to request replay checking?
> 
> I think that the phrasing should be "implementations MAY permit applications
> to turn OFF replay protection, but replay protection MUST be turned on by
> default."
> 
> /ji
> 
> --
> John Ioannidis <ji@research.att.com>
> Secure Systems Research Department
> AT&T Labs - Research
> 


-- 
Jacqueline Wilson          | Phn:  (512) 838-2702
IBM, AIX/6000              | Fax:  (512) 838-3509
11400 Burnet Road ZIP 9551 | Ext:  8-2702   Tie-Line:  678
Austin, TX 78758-3493      | inet: jhwilson@austin.ibm.com
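As an added illustration of the two issues raised in the message above (this is example code written for this archive page, not code from the poster, from IBM, or from any IPsec implementation), here is a small Python model of the RFC 2401/2402 sequence-number rules: a sender that refuses to cycle its 32-bit counter back to 0, a receiver using the Appendix C sliding window, and a run showing why a manually keyed SA cannot recover when the sender restarts. The 64-packet window size and the decision to raise an error at exhaustion are assumptions for the example; the RFC only requires a window of at least 32 and says the SA must be replaced before the counter cycles.

```python
"""Anti-replay sequence-number handling modelled on RFC 2401 / RFC 2402.

Constructed example: a sender that will not wrap its 32-bit counter and a
receiver with the RFC 2401 Appendix C sliding window. The last demo shows
the resync problem with manual keying: the sender reboots and starts at 1,
the receiver still has its old window, and every packet is dropped.
"""

WINDOW_SIZE = 64          # assumed default; RFC 2401 requires >= 32
MAX_SEQ = 0xFFFFFFFF      # 32-bit ESP/AH sequence number field


class Sender:
    """Outbound SA: first packet carries 1; the counter must never cycle to 0."""

    def __init__(self):
        self.seq = 0

    def next_seq(self):
        if self.seq == MAX_SEQ:
            # RFC 2401: the SA must be replaced (rekeyed) before the counter
            # cycles. A manual SA has no way to do that, so it is exhausted.
            raise RuntimeError("sequence number exhausted; SA must be rekeyed")
        self.seq += 1
        return self.seq


class Receiver:
    """Inbound SA with a sliding window of WINDOW_SIZE sequence numbers.

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    records that sequence number (top - i) has already been accepted.
    """

    def __init__(self, window=WINDOW_SIZE):
        self.window = window
        self.top = 0
        self.bitmap = 0

    def receive(self, seq, icv_ok=True):
        """Return True if the packet is accepted and record it in the window.

        The window check runs first, then integrity (`icv_ok` stands in for
        ICV verification), and only a packet that passes both updates the
        window, so a forged packet cannot advance `top`.
        """
        if seq == 0:
            return False                      # 0 is never a valid sequence number
        if seq > self.top:                    # to the right of the window
            if not icv_ok:
                return False
            shift = seq - self.top
            if shift >= self.window:
                self.bitmap = 1
            else:
                mask = (1 << self.window) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.window:
            return False                      # too old: left of the window
        if self.bitmap & (1 << diff):
            return False                      # replay: already seen
        if not icv_ok:
            return False
        self.bitmap |= 1 << diff
        return True


def demo_replay_and_reorder():
    """Reordering inside the window is fine; replays and stale packets are not."""
    rx = Receiver()
    return [rx.receive(s) for s in (1, 2, 3, 5, 4, 3, 70, 5, 6)]


def demo_manual_restart():
    """Sender crashes and restarts at 1 under the same manual key.

    Returns how many of its next 10 packets the receiver drops (all 10):
    with no rekeying mechanism there is nothing that resyncs the window.
    """
    tx, rx = Sender(), Receiver()
    for _ in range(200):
        rx.receive(tx.next_seq())
    tx = Sender()                             # reboot: counter back to 0
    return sum(1 for _ in range(10) if not rx.receive(tx.next_seq()))


def demo_counter_exhaustion():
    """The last usable number is 0xFFFFFFFF; the next send must fail, not wrap."""
    tx = Sender()
    tx.seq = MAX_SEQ - 1
    last = tx.next_seq()
    try:
        tx.next_seq()
        return last, False
    except RuntimeError:
        return last, True


if __name__ == "__main__":
    print("replay/reorder:", demo_replay_and_reorder())
    print("dropped after manual restart:", demo_manual_restart())
    print("exhaustion:", demo_counter_exhaustion())
```

The second demo is the case the message is about: with IKE the restarted sender would simply negotiate a fresh SA (new key, counter back to 1 on both sides), whereas a manual SA leaves the receiver's window stuck at 200 and every post-restart packet is discarded as too old until someone re-keys by hand.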