[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: isakmp cookies field

To: "'Shoichi Sakane'" <sakane@kame.net>
Subject: RE: isakmp cookies field
From: "Aronson, David" <daronson@cryptek.com>
Date: Mon, 6 Aug 2001 14:08:37 -0400
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Shoichi Sakane [mailto:sakane@kame.net] writes:

 > of course, i've read this document.  but i think this cookie creation
 > couldn't prevent from dos or mitm attack.

I dunno, you may be right, I'm rather new to IKE/ISAKMP/etc., was just
quoting the RFC, and haven't the time right now to devote to a fuller
analysis.  Can you trace out a situation in which a DoS or MitM attack would
succeed despite the cookies?  (Even assuming that they are generated
according to the RFC's recommendation, or any later that may have superseded
it.)  If you're wrong, I'm sure someone will speak up about how the cookies
would prevent it....

-- 
Dave Aronson, Sysop of free public Fidonet BBS Air 'n Sun, +1-703-319-0714.
Opinions all MINE, not by Cryptek/NRA/SCA/Mensa/HWG/LPUSA/CAUCE/FedGov/God!
See my web site, at http://listen.to/davearonson (last updated 2001-06-27).
Device-driver proggers: see http://www.cryptek.com and send me your resume!

Prev by Date: RE: Position statement on IKE development
Next by Date: Cookies only make you fat
Next by thread: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt
Index(es):
- Main
- Thread