
Re: ipsec error protocol



> a) not everyone knows how many times that host rebooted so far. So
> the latest cert of birth should be included in every phase 1
> negotiation. 

I said.. "in the negotiation of the IKE SA".. same thing.

BTW, from the embedded device front, my understanding is that SNMPv3
security uses a reboot counter, so maintaining this shouldn't be a
problem for the embedded folks.

> b) if an attacker finds a way to reboot a host generating certs of
> birth, this can force the signing host (either the host itself (self
> signed cert)) or the CA to sign an enormous amount of data, therefore
> weakening its private key (clear text attack). I do not know how
> efficient that would be but I would welcome the advice of a
> cryptographer.

I used the term "certificate" in the generic sense.  In some sense it
could be more accurately described as a "death certificate for all
prior state".

It wouldn't have to be (and probably shouldn't be) in X.509
format.. (X.509 specifies one way to do "certificates"; it is not the
only way to do certificates, and in some cases, like this one, an
application-specific format is appropriate).

				- Bill
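
An added example, not part of the original message: one way a peer could process an application-specific reboot notice carrying a boot counter, treating a newer counter as the "death certificate for all prior state". The wire format, the names `make_notice`, `PeerState` and `handle_notice`, and the rejection of older counters are assumptions; HMAC-SHA256 with a shared key stands in for the host's or CA's signature so the block runs with the standard library only.

```python
import hashlib
import hmac
import struct

# Constructed wire format (an assumption, not from the thread):
#   4-byte magic | 8-byte big-endian boot counter | 32-byte tag
MAGIC = b"BRTH"
BODY = struct.Struct(">4sQ")
TAG_LEN = hashlib.sha256().digest_size


def make_notice(key: bytes, boot_count: int) -> bytes:
    """Sender side: emit a notice for the current boot."""
    body = BODY.pack(MAGIC, boot_count)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class PeerState:
    """Receiver side: what one peer remembers about a remote host."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_boot = 0   # highest boot counter accepted so far
        self.sas = set()     # hypothetical identifiers of live SAs

    def handle_notice(self, notice: bytes) -> str:
        if len(notice) != BODY.size + TAG_LEN:
            return "malformed"
        body, tag = notice[:BODY.size], notice[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Authenticate before trusting any field of the body.
        if not hmac.compare_digest(tag, expected):
            return "bad-auth"
        magic, boot_count = BODY.unpack(body)
        if magic != MAGIC:
            return "malformed"
        if boot_count < self.last_boot:
            return "stale"    # replay of an older boot's notice
        if boot_count == self.last_boot:
            return "current"  # same boot: existing SAs stay valid
        # Newer boot: everything negotiated before it is dead.
        self.last_boot = boot_count
        self.sas.clear()
        return "flushed"
```
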

