
RE: Unique MIDs



In memory constrained systems the implementer may likely decide that the
potential DoS hit is worth risking.  If a memory constrained system is
negotiating with a peer that doesn't allow duplicate MIDs the randomness of
the MID will likely prevent duplicate MIDs anyway.  In the rare case that a
duplicate MID is used, the non-constrained system should reply with an
INVALID-MESSAGE-ID notify (at an interval that won't flood the constrained
system when there is a replay attack underway).

-dave

-----Original Message-----
From: Mason, David [mailto:David_Mason@nai.com]
Sent: Thursday, July 13, 2000 3:15 PM
To: IPsec List
Subject: Unique MIDs


> Replaying an old Initiator-to-Responder message (#1) back to the
> Responder will result in the Responder sending an unexpected message #2
> back to the Initiator which will fail the hash check

If the responder allows the initiator to use non-unique message IDs then
this opens up a DoS avenue especially if PFS was used.

The RFCs make several references to unique IVs for the phase 2 exchanges
(i.e., unique MID). These references seemed to indicate unique IVs were
important for more reasons than just the case of having two simultaneous
Quick Modes taking place with the same message ID.  The RFCs don't make any
statement about the temporal nature of the uniqueness. I assumed the
uniqueness of the MID/IV was constrained to the cookie.  Even if there were
no cryptographic significance to mandating unique IVs there is still the
issue of DoS mentioned above.

-dave
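Added illustration (not code from either message or from any IKE implementation): a small Python model of the responder behaviour both messages argue for, namely requiring unique Quick Mode Message IDs per ISAKMP SA (keyed by the cookie pair), treating a reused MID as a replay, and answering it with an INVALID-MESSAGE-ID notify no more often than a fixed interval so a constrained peer is not flooded while a replay is underway. The class and function names, the notify interval, the cookie pair and the event timeline are constructed assumptions for the example.

```python
"""Constructed model of a responder that enforces unique Quick Mode Message
IDs per ISAKMP SA and rate-limits INVALID-MESSAGE-ID notifications.
All names, timings and sample messages are illustrative assumptions."""

from dataclasses import dataclass, field

# ISAKMP notify message type name from RFC 2408 (value 9); used here as a label only.
INVALID_MESSAGE_ID = "INVALID-MESSAGE-ID"


@dataclass
class SaState:
    """Per-ISAKMP-SA bookkeeping: MIDs already used and notify rate-limit state."""
    seen_mids: set = field(default_factory=set)
    last_notify_at: float = float("-inf")  # time of the last notify sent to this peer
    suppressed: int = 0                    # duplicates dropped without a notify


class Responder:
    """Non-constrained responder: remembers every MID seen on an SA (cheap here,
    expensive on a memory-constrained peer, which is the trade-off in the thread)."""

    def __init__(self, notify_interval: float = 5.0):
        # Minimum spacing (seconds) between INVALID-MESSAGE-ID notifies on one SA.
        self.notify_interval = notify_interval
        self.sas: dict[tuple, SaState] = {}

    def handle_quick_mode(self, cookies: tuple, mid: int, now: float) -> str:
        """Process a Quick Mode message #1 carrying Message ID `mid` on the SA
        identified by the (initiator, responder) cookie pair.
        Returns 'accept', 'notify' (duplicate, notify sent) or 'drop'
        (duplicate, notify suppressed by the rate limit)."""
        sa = self.sas.setdefault(cookies, SaState())
        if mid not in sa.seen_mids:
            sa.seen_mids.add(mid)
            return "accept"
        # Duplicate MID on this SA: a replay of an old message #1, or a peer that
        # reuses IDs. Either way the exchange is not processed.
        if now - sa.last_notify_at >= self.notify_interval:
            sa.last_notify_at = now
            return "notify"
        sa.suppressed += 1
        return "drop"

    def sa_deleted(self, cookies: tuple) -> None:
        """Release MID state when the ISAKMP SA goes away; uniqueness is scoped to the cookies."""
        self.sas.pop(cookies, None)


def run_replay_scenario(responder: Responder) -> list[str]:
    """Constructed timeline: two legitimate Quick Modes, then the first one's MID
    replayed four times (three in quick succession, one later), then a fresh MID."""
    cookies = ("c0ffee00c0ffee00", "deadbeefdeadbeef")  # constructed cookie pair
    events = [
        (0.0, 0x1A2B),  # legitimate Quick Mode
        (0.1, 0x7F3C),  # second legitimate Quick Mode, distinct MID
        (0.2, 0x1A2B),  # replay -> first notify
        (0.3, 0x1A2B),  # replay within interval -> dropped silently
        (0.5, 0x1A2B),  # replay within interval -> dropped silently
        (6.0, 0x1A2B),  # replay after interval -> notify again
        (6.1, 0x0042),  # new legitimate MID still accepted
    ]
    return [responder.handle_quick_mode(cookies, mid, t) for t, mid in events]


if __name__ == "__main__":
    r = Responder()
    for outcome in run_replay_scenario(r):
        print(outcome)
```

The `seen_mids` set is exactly the memory a constrained implementer might decline to keep; the example shows what the non-constrained side does instead, and that the rate limit keeps a burst of replays from turning into a burst of notifies toward the peer.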