It is the receiver's responsibility to protect against replays. So the
down side is, if your delta is too low, the message you send will be
dropped and you will have to re-establish the SA. You do not open
yourself to a replay.
IOW, it's a matter of implementation: you need to ensure that the peers
are synchronized well enough so that you can use a small delta (e.g. 1-2).
Thanks,
Yaron
On 11/23/2010 05:19 PM, Tero Kivinen wrote:
Yaron Sheffer writes:
to reiterate: if you ensure that the Message ID value is always strictly
larger than in previous messages (i.e. if the failover member sends
old_value+delta for a large enough delta, and if the peer is willing to
accepts arbitrary jumps in the value) then both sides can protect
against replay without requiring either the nonce or the failover
counter. But this means that the Message ID value is *set* to a new
value on both sides, rather than *synchronized* (to a previous value).
Except there is no way to know the value of delta. And if you do not
know value of delta, then you open yourself to replay attacks if your
delta was too small.
Having some arbitrary delta, which is impossible to pick properly,
isn't really solving the problem, it just makes the attacks bit harder
for the attacker, but it does not remove those attacks.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
