[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cookie verification

To: bkavsan@ire-ma.com, sami.vaarala@netseal.com
Subject: Re: cookie verification
From: Vipul Gupta <Vipul.Gupta@Eng.Sun.COM>
Date: Wed, 8 Dec 1999 11:10:41 -0800 (PST)
Cc: ipsec@lists.tislabs.com
Reply-To: Vipul Gupta <Vipul.Gupta@Eng.Sun.COM>
Sender: owner-ipsec@lists.tislabs.com


  My interpretation of the IKE RFC agrees with Sami's analysis.
  In IKE, the responder needs to store state from the very first message
  received from the initiator -- at the very least, SAi_b. 
  Storing the responder's cookie along with this state isn't
  that much additional overhead (in proportion to the overhead of
  storing other required info). Having done so, a responder
  can verify cookies received in subsequent messages by a 
  direct comparison to the saved value. So even though the 
  cookie text in RFC 2409 matches what's in the Photuris draft,
  IKE really doesn't use cookies for anti-clogging. 
  
  I have written a prototype IKE implemantation in Java and
  even though I have a verifyCookie() method, I never need to
  call it for the reason stated above. 
  
  vipul
  
> Bronislav,
> 
> > Sami - excellent overview! That's exactly what I was looking for,
> > thank you very much!
> > In summary - because in the current IKE the cookies are not fully "baked"
> yet :)
> > - any random or pseudo-random values will  work just fine - and with some
> future
> > standardization in this area - the value of intelligent cookies in IKE can
> be
> > enhanced.
> 
> I must add a disclaimer to my post -- it was intended to convey my
> personal interpretation of the specifications.  It would be nice if
> someone with more authority on the subject would give a clean
> description of cookies and whether my analysis is correct :)
> 
> It would be interesting to know if there is anything real to be
> gained by using more "intelligent" cookies, like the ones I described
> in the post (they are actually used by our implementation).
> 
> > Until this is the case - all RFC2408 MUSTs about cookie generation should
> be
> > interpreted as MAY, right?
> 
> In my interpretation, yes.  The cookie requirements in ISAKMP were
> lifted almost word-for-word from Photuris, which uses the cookies
> usefully to prevent state creation in denial-of-service attacks.
> I must stress that as far as I understand, ISAKMP *could* use a
> similar mechanism (indeed, there is a note of a "header exchange"
> which is not elaborated further), although IKE does not (currently)
> take advantage of it.
> 
> As far as I see it, the only real requirement for IKE is that the
> cookies must be unpredictable to an outsider;  the method of creating
> them by hashing "stuff" (including IP addresses) fulfills that goal.
> 
> Sami
> 
> --
> Sami Vaarala (sami.vaarala@netseal.com)
> NetSeal Technologies
> http://www.netseal.com/
> 
>

Prev by Date: Re: Heartbeats (was RE: keepalives)
Next by Date: Re: Heartbeats (was RE: keepalives)
Prev by thread: Re: cookie verification
Next by thread: diffie-hellman benchmarks
Index(es):
- Main
- Thread