Valery Smyslov <[email protected]> wrote:
> So the only real defense against this attack is the unpredictability of SPIi.
> Is it enough? I don't know. I would feel more comfortable if the initiator
> puts the cookie at the end of the message, thus making this attack
> infeasible:
> HDR, SAi1, KEi, Ni -->
> <-- HDR, N(COOKIE)
> HDR, SAi1, KEi, Ni, N(COOKIE) -->
> Note that this doesn't violate RFC 7296, since the payloads may come
> in any order. However it may break some existing implementations...
It seems like good advice.
Perhaps this is worth an IKE 2.1 value --- an initiator that says 2.1
is saying that it will always put the COOKIE last.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
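The three-message exchange quoted above, worked through in code as an added example (not code from either poster or from any IKE implementation). It encodes the IKE_SA_INIT header and payload chain per RFC 7296, parses the chain in whatever order the initiator chose (so N(COOKIE) can be first or last, as the thread says the RFC allows), and has the stateless responder derive and verify the cookie in the shape RFC 7296 section 2.6 suggests, <VersionIDofSecret> | Hash(Ni | IPi | SPIi | secret). HMAC-SHA256 as the hash, the SA/KE payload bodies, the initiator address and all secrets and nonces are constructed stand-ins; the hash choice and the constructed values are assumptions, not anything from the message.

```python
import hashlib
import hmac
import secrets
import struct

# IKEv2 constants from RFC 7296 (payload types, exchange type, notify type, header flag).
PAYLOAD_NONE = 0
PAYLOAD_SA = 33
PAYLOAD_KE = 34
PAYLOAD_NONCE = 40
PAYLOAD_NOTIFY = 41
EXCH_IKE_SA_INIT = 34
NOTIFY_COOKIE = 16390
FLAG_INITIATOR = 0x08
HDR_LEN = 28


def build_ike_sa_init(spi_i, payloads):
    """Encode an IKE_SA_INIT request: 28-byte IKE header followed by the payload
    chain, in exactly the order given (each generic header names the next type)."""
    body = b""
    for idx, (_ptype, data) in enumerate(payloads):
        next_type = payloads[idx + 1][0] if idx + 1 < len(payloads) else PAYLOAD_NONE
        body += struct.pack("!BBH", next_type, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else PAYLOAD_NONE
    header = spi_i + bytes(8) + struct.pack(
        "!BBBBII", first, 0x20, EXCH_IKE_SA_INIT, FLAG_INITIATOR, 0, HDR_LEN + len(body))
    return header + body


def notify_cookie(cookie):
    """Notify payload body carrying a COOKIE: Protocol ID 0, SPI Size 0, type 16390, data."""
    return struct.pack("!BBH", 0, 0, NOTIFY_COOKIE) + cookie


def parse_ike_sa_init(msg):
    """Walk the payload chain in whatever order the peer chose, bounds-checking every
    length field, and pull out SPIi, Ni and the COOKIE data if one is present."""
    if len(msg) < HDR_LEN:
        raise ValueError("short IKE header")
    spi_i, _spi_r, next_type, _ver, exch, _flags, _msg_id, length = struct.unpack(
        "!8s8sBBBBII", msg[:HDR_LEN])
    if exch != EXCH_IKE_SA_INIT or length != len(msg):
        raise ValueError("not a well-formed IKE_SA_INIT message")
    out = {"spi_i": spi_i, "order": [], "nonce": None, "cookie": None}
    off = HDR_LEN
    while next_type != PAYLOAD_NONE:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        nxt, _crit, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        data = msg[off + 4:off + plen]
        out["order"].append(next_type)
        if next_type == PAYLOAD_NONCE:
            out["nonce"] = data
        elif next_type == PAYLOAD_NOTIFY and len(data) >= 4:
            _proto, spi_size, ntype = struct.unpack("!BBH", data[:4])
            if ntype == NOTIFY_COOKIE:
                out["cookie"] = data[4 + spi_size:]
        next_type, off = nxt, off + plen
    return out


def make_cookie(secret_id, secret, nonce, ip_i, spi_i):
    """Stateless responder cookie in the shape RFC 7296 section 2.6 suggests:
    <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>); HMAC-SHA256 is an assumption."""
    return bytes([secret_id]) + hmac.new(secret, nonce + ip_i + spi_i, hashlib.sha256).digest()


def verify_cookie(cookie, secrets_by_id, nonce, ip_i, spi_i):
    """Recompute the cookie from the retransmitted request and compare in constant time."""
    if not cookie or cookie[0] not in secrets_by_id:
        return False
    expected = make_cookie(cookie[0], secrets_by_id[cookie[0]], nonce, ip_i, spi_i)
    return hmac.compare_digest(cookie, expected)


def cookie_exchange(cookie_last=True):
    """Run the three-message exchange from the thread; return what the responder saw."""
    secrets_by_id = {1: secrets.token_bytes(32)}        # responder's current secret (constructed)
    ip_i = bytes([192, 0, 2, 10])                        # constructed initiator address
    spi_i = secrets.token_bytes(8)                       # unpredictable SPIi
    ni = secrets.token_bytes(32)
    sa, ke = b"constructed-SAi1", b"constructed-KEi"     # stand-ins for real payload bodies
    base = [(PAYLOAD_SA, sa), (PAYLOAD_KE, ke), (PAYLOAD_NONCE, ni)]

    # 1. HDR, SAi1, KEi, Ni -->   responder keeps no state, only derives a cookie
    first = parse_ike_sa_init(build_ike_sa_init(spi_i, base))
    cookie = make_cookie(1, secrets_by_id[1], first["nonce"], ip_i, first["spi_i"])

    # 2. <-- HDR, N(COOKIE)   3. initiator repeats with N(COOKIE) last (Valery's order) or first
    cookie_pl = (PAYLOAD_NOTIFY, notify_cookie(cookie))
    payloads = base + [cookie_pl] if cookie_last else [cookie_pl] + base
    retry = parse_ike_sa_init(build_ike_sa_init(spi_i, payloads))
    ok = verify_cookie(retry["cookie"], secrets_by_id, retry["nonce"], ip_i, retry["spi_i"])
    # The same cookie presented under a different SPIi must fail: SPIi is bound into it.
    other = verify_cookie(retry["cookie"], secrets_by_id, retry["nonce"], ip_i, secrets.token_bytes(8))
    return {"order": retry["order"], "cookie_ok": ok, "other_spi_ok": other}
```

Because the parser follows the Next Payload chain rather than assuming fixed offsets, the responder accepts either placement of N(COOKIE); an implementation that hard-codes the cookie as the first payload is the kind that the quoted message warns the cookie-last ordering "may break".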
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
