
Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]



  An implementation may be open to a DoS attack if it does not keep
track of the MIDs of Quick Modes in which PFS was used for all active
IKE SAs. This attack is not effective if PFS is not used.

  There is no "security hole" associated with small amounts of entropy
nor is there any generic replay attack which can induce an implementation
into processing old IPSec packets.

  Dan.

On Mon, 17 Jul 2000 13:34:01 CDT you wrote
> Regardless of how "unique" is interpreted, it does appear that
> an implementation may be open to replay attacks if it does
> not keep track of the MIDs that have been used on a given
> ISAKMP SA.

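As an added illustration of the bookkeeping discussed above (written for this archive page, not taken from the thread or from any IKE implementation), the sketch below records the Quick Mode MIDs used with PFS per active ISAKMP SA, keyed by the SA's cookie pair, and refuses a repeated MID before any further processing; the class, method names, cookies and MID values are all constructed.

```python
from dataclasses import dataclass, field


@dataclass
class IkeSaState:
    """Per-ISAKMP-SA record of the Quick Mode MIDs already consumed."""
    used_mids: set = field(default_factory=set)


class QuickModeMidTracker:
    """Hypothetical helper: tracks Quick Mode MIDs for every active IKE SA."""

    def __init__(self):
        # Keyed by the ISAKMP SA's (initiator cookie, responder cookie) pair.
        self._sas = {}

    def sa_established(self, icookie, rcookie):
        # A fresh IKE SA starts with an empty MID history.
        self._sas[(icookie, rcookie)] = IkeSaState()

    def sa_deleted(self, icookie, rcookie):
        # Once the IKE SA is gone, its MID history is no longer needed.
        self._sas.pop((icookie, rcookie), None)

    def accept_quick_mode(self, icookie, rcookie, mid, pfs):
        """Return True if this Quick Mode exchange should be processed.

        A MID already seen on this SA is treated as a replay and refused
        up front, so no Diffie-Hellman work is spent on it.  Only Quick
        Modes that used PFS are remembered, matching the post's point that
        the attack is not effective without PFS.
        """
        sa = self._sas.get((icookie, rcookie))
        if sa is None:
            return False          # no such active IKE SA to rekey under
        if mid in sa.used_mids:
            return False          # repeated MID on this SA: refuse
        if pfs:
            sa.used_mids.add(mid)
        return True


if __name__ == "__main__":
    tracker = QuickModeMidTracker()
    ic, rc = b"\x01" * 8, b"\x02" * 8          # constructed cookie pair
    tracker.sa_established(ic, rc)
    print(tracker.accept_quick_mode(ic, rc, 0x1000, pfs=True))   # first use
    print(tracker.accept_quick_mode(ic, rc, 0x1000, pfs=True))   # replayed
```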
