Hi Steve,
[Cross-posted to ipsecme]
I have always wondered about these sequence numbers, and the concept of
anti-replay in IPsec.
- IPsec is architecturally a "plug-in replacement" for IP. And IP allows
for arbitrary packet deletion, duplication and reordering.
- Anti-replay counters are giving us no end of trouble in clustered
environments (e.g.
http://tools.ietf.org/wg/ipsecme/draft-ietf-ipsecme-ipsecha-protocol/).
- IPsec (unfortunately) does not have an application API, at least in
most implementations. Such an API might indeed have put this feature to
good use.
- And lastly, IPsec anti-replay is optional, which signifies to me that
it's always been an iffy feature.
I have looked at RFC 4301 again (the IPsec architecture), and it
provides only weak justification for this feature. Can you please point
me to a more convincing reasoning?
Thanks,
Yaron
------------------------------
Message: 2
Date: Thu, 10 Feb 2011 19:51:08 -0500
From: Steven Bellovin<[email protected]>
Subject: Re: [TLS] Security consideration for DTLS: Adversarial packet
loss/reordering
To: Eric Rescorla<[email protected]>
Cc: Paul Hoffman<[email protected]>, [email protected]
Message-ID:<[email protected]>
Content-Type: text/plain; charset=us-ascii
On Feb 10, 2011, at 3:03 21PM, Eric Rescorla wrote:
On Thu, Feb 10, 2011 at 12:03 PM, Eric Rescorla<[email protected]> wrote:
On Thu, Feb 10, 2011 at 11:31 AM, Paul Hoffman<[email protected]> wrote:
On 2/10/11 9:49 AM, Matt McCutchen wrote:
Here's an issue that might be worth adding as a security consideration
in the next version of the DTLS specification. It may affect IPsec too;
I haven't looked into that. Thoughts?
I disagree with this suggestion, at least as it is proposed.
DTLS does not prevent an attacker from dropping or reordering records.
Datagram applications are generally designed to tolerate random packet
loss and reordering, but care must be taken to ensure that adversarial
loss and reordering cannot break the desired higher-level security
properties.
That "care" sounds like it is care in the DTLS-using protocol, but no
suggestion is given how such a protocol can show care. This makes the
suggestion little more than "be careful", which is not useful.
DTLS does deliver order information, of course. It just doesn't impose
reordering.
Perhaps the take-home for DTLS itself is that it would be nice if
packets came with
their sequence numbers attached.
In the API, I mean.
Given the importance of sequence numbers for IPsec, I very much agree.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
