[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suggestion for JFK

To: Dan Harkins <dharkins@SailPix.com>
Subject: Re: suggestion for JFK
From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Date: Tue, 11 Dec 2001 20:11:17 -0500
Cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Tue, 11 Dec 2001 17:07:20 PST." <20011212010720.1156E54C59@tailor.sailpix.com>
Sender: owner-ipsec@lists.tislabs.com

In message <20011212010720.1156E54C59@tailor.sailpix.com>, Dan Harkins writes:
>
>  Your case (c) was what I was suggesting-- if decryption fails then do
>not process anymore packets with that token. I'm not saying that a
>well-written JFK implementation would crash or peg a CPU or whatever,
>just that in the event of an attack it would be a benefit to know where
>that attack is coming from. True, this would be architecturally impure,
>but I'd swap cleanliness for some added information to send to syslog
>in the event of an attack.

Ah, I misunderstood what you said then.

Except that adding the IP in the HMAC doesn't help you in getting more
information for syslog purposes --- you can verify that you didn't
give the HMAC to the IP address that it claims it came from, but you
don't know who you gave it to (unless you keep state after Msg 1).

As for the NAT case, s/NAT/mobility or SCTP or multi-homed hosts or...
-Angelos

Follow-Ups:

Re: suggestion for JFK

From: Dan Harkins <dharkins@SailPix.com>

References:

Re: suggestion for JFK

From: Dan Harkins <dharkins@SailPix.com>

Prev by Date: Re: suggestion for JFK
Next by Date: Re: IKEv2 and SIGMA
Prev by thread: Re: suggestion for JFK
Next by thread: Re: suggestion for JFK
Index(es):
- Main
- Thread