Allan Latham <alatham,AT,flexsys-group,DOT,com>
Re: Replays - thoughts on Gutmann response
Sandino Araico Sanchez <sandino,AT,sandino,DOT,net>
Tue, 07 Oct 2003 18:36:31 -0500
Allan Latham wrote:
> If that were all, my opinion would be that we don't have a replay problem with
> CIPE. Unfortunately there are some concerns:

If we use TCP instead of UDP for key exchange the replay problem can be
worked around and there's no performance impact since there's no TCP
over TCP encapsulation in key exchange.

> 1. ICMP and UDP traffic could possibly be replayed to cause a DOS attack.
> 2. Key exchange replays may allow an attacker to force CIPE to use the static
> key or an already cracked dynamic key.
> I hope to cover the whole subject of how to harden key exchange later.

There's lower complexity using UDP exclusively for traffic and TCP
exclusively for key exchange since we don't need to find out if the
received UDP package contains a package or a key. When we are sure no
UDP package contains a key we just need to check integrity, decrypt the
encapsulated package and pass it to the upper layer so the process is
Sandino Araico Sánchez
-- What doesn't kill you makes you fat.