[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: src addr/SPI coupling

To: <andrew.krywaniuk@alcatel.com>
Subject: RE: src addr/SPI coupling
From: Stephen Kent <kent@bbn.com>
Date: Mon, 14 May 2001 17:31:33 -0400
Cc: <ipsec@lists.tislabs.com>
In-Reply-To: <000701c0dc8a$85b9ae70$1e31788a@andrewk3.ca.newbridge.com>
References: <000701c0dc8a$85b9ae70$1e31788a@andrewk3.ca.newbridge.com>
Sender: owner-ipsec@lists.tislabs.com

At 3:33 AM -0400 5/13/01, Andrew Krywaniuk wrote:
>  > In the case of multicast traffic, where separate key servers may be
>>  controlling keys/SA assignment for different multicast sessions,
>>  you'd have to come up with a mechanism to ensure that there are
>>  (a) no collisions in SPI assignment across the possible universe of
>>  key servers, (b) but still have reasonable randomness to the SPI
>>  allocation (the phase 2 SPIs are used as additional randomness
>>  in the key derivation), and (c) the SPI space per address is
>>  sufficiently
>>  large enough for rekeying for some noticeable amount of time (because
>>  of (b)).
>
>Are (b) and (c) really a problem? The entropy provided by the SPIs is only
>needed to provide distinct keymat for multiple SAs in the same packet,
>right? A counter in the key derivation would serve the same purpose.
>

There is no security requirement, re key material derivation, for 
SPIs to be "random." There is some benefit for DoS purposes to have 
them be hard to predict, but RFC 2401 does not mandate randomness. It 
merely requires local uniqueness, for demuxing.

steve

References:

RE: src addr/SPI coupling

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Prev by Date: Re: src addr/SPI coupling
Next by Date: CR format in IKE
Prev by thread: Re: src addr/SPI coupling
Next by thread: Re: src addr/SPI coupling
Index(es):
- Main
- Thread