Hi Tero,
to reiterate: if you ensure that the Message ID value is always strictly
larger than in previous messages (i.e. if the failover member sends
old_value+delta for a large enough delta, and if the peer is willing to
accepts arbitrary jumps in the value) then both sides can protect
against replay without requiring either the nonce or the failover
counter. But this means that the Message ID value is *set* to a new
value on both sides, rather than *synchronized* (to a previous value).
Thanks,
Yaron
On 11/23/2010 03:06 PM, Tero Kivinen wrote:
Pekka Riikonen writes:
Are the Security Considerations in the draft valid anymore at all? And
are the nonce and failover count needed? Yaron wanted to eliminate these,
and I'm all for it.
I think we still need both. The failover counter protects against the
attack I explained in this email (i.e. attacker replaying request),
and nonce protects against the attacks where attacker tries to replay
response message.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
