Re: A pothole in ISAKMP/Oakley
> From owner-ipsec@portal.ex.tis.com Tue Apr 15 22:41:40 1997
> Date: Tue, 15 Apr 1997 16:06:04 -0400
> From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
> To: pau@watson.ibm.com
> Cc: ho@earth.hpc.org, Dan.McDonald@Eng.sun.com, ipsec@tis.com
> Subject: Re: A pothole in ISAKMP/Oakley
> Address: 1 Amherst St., Cambridge, MA 02139
> Phone: (617) 253-8091
> Sender: owner-ipsec@ex.tis.com
> Content-Length: 863
>
> From: pau@watson.ibm.com
> Date: Tue, 15 Apr 1997 13:25:16 -0400
>
> Dan, the spec does say so. But if an implementation uses a monotonically
> increasing counter to generate SPI's for ESP and AH, it can interop with
> others. So I think it is worthwhile to put in a safeguard.
>
> It sounds like testing for a monotonically increasing counter would be a
> good thing to put into a conformance test suite; if an implementation
> does that, it should be considered broken.
Non-monotonicity doesn't imply (strong) pseudorandomness. Must we check for randomness too?
>
> Is this important enough that we want to put more explicit words in the
> spec? (I will note that in general, this is really about how much we
> trust the intelligence and/or competence of the implementors that come
> after us. There are certainly those who believe we shouldn't trust
> their competence at all --- although if that's really true, the
> situation is probably hopeless.)
>
> - Ted
>
Regards,
Luis Saiz
---------------------------------------------------------------------
Protocol cryptanalysis is essentially formalized paranoia.
G. Simmons.
---------------------------------------------------------------------
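
The conformance check discussed in this thread, sketched as an added example that is not part of the original messages or of any ISAKMP implementation: it flags counter-like SPI allocation, including a counter that wraps or is bit-reversed, and shows that a sequence can fail the monotonicity test while still being fully predictable. All function names and sample values are constructed for illustration.

```python
# Added example: conformance-style check over a sequence of observed 32-bit SPIs.
# All function names and sample values are constructed for illustration.
MOD = 1 << 32


def is_monotonic(spis):
    """True if each SPI is strictly greater than the one before it."""
    return len(spis) > 1 and all(b > a for a, b in zip(spis, spis[1:]))


def constant_stride(spis):
    """Return the stride if successive SPIs differ by one fixed value
    mod 2^32 (a counter, even across wrap-around), else None."""
    if len(spis) < 3:
        return None
    deltas = {(b - a) % MOD for a, b in zip(spis, spis[1:])}
    return deltas.pop() if len(deltas) == 1 else None


def bit_reverse(spi):
    """Reverse the 32 bits of an SPI; a cheap way to disguise a counter."""
    return int(f"{spi:032b}"[::-1], 2)


def classify(spis):
    """Label a sequence of SPIs given in allocation order."""
    if constant_stride(spis) is not None:
        return "counter"
    if constant_stride([bit_reverse(s) for s in spis]) is not None:
        return "bit-reversed counter"
    if is_monotonic(spis):
        return "monotonic"
    # Passing every check here is NOT evidence of pseudorandomness.
    return "no counter pattern found"


# Constructed samples, not captured traffic.
WRAPPING = [0xFFFFE800, 0xFFFFF800, 0x00000800, 0x00001800]
DISGUISED = [bit_reverse(n) for n in (256, 257, 258, 259)]
IRREGULAR = [0x9F3A1C44, 0x1B07E2D9, 0xE45C0A13]

if __name__ == "__main__":
    for name, seq in (("wrapping", WRAPPING), ("disguised", DISGUISED),
                      ("irregular", IRREGULAR)):
        print(name, is_monotonic(seq), classify(seq))
```

Both `WRAPPING` and `DISGUISED` fail a plain monotonicity test yet come from a counter, so a test suite that checks only for monotonic increase would accept them.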