[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unique MIDs

To: "Mason, David" <David_Mason@nai.com>
Subject: Re: Unique MIDs
From: Dan Harkins <dharkins@cips.nokia.com>
Date: Thu, 13 Jul 2000 18:10:18 -0700
cc: IPsec List <ipsec@lists.tislabs.com>
In-reply-to: Your message of "Thu, 13 Jul 2000 12:14:42 PDT." <447A3F40A07FD211BA2700A0C99D759B78910D@md-exchange1.nai.com>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 13 Jul 2000 12:14:42 PDT you wrote
> > Replaying an old Initiator-to-Responder message (#1) back to the
> > Responder will result in the Responder sending an unexpected message #2
> > back to the Initiator which will fail the hash check
> 
> If the responder allows the initiator to use non-unique message IDs then
> this opens up a DoS avenue especially if PFS was used.

So then don't generate the KEYMAT until you receive message #3. 

Where is this security hole?

  Dan.

References:

Unique MIDs

From: "Mason, David" <David_Mason@nai.com>

Prev by Date: Re: problems with draft-jenkins-ipsec-rekeying-06.txt
Next by Date: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
Prev by thread: Unique MIDs
Next by thread: RE: Unique MIDs
Index(es):
- Main
- Thread