tech-net archive


Re: why is SA lifetime kilobyte limit disabled in racoon? said:
> > At least it
> > would be a help to fingerprint the OS or estimate uptime.
> Depends on how you pick the starting point.

OK, not for the fingerprint -- the mere fact that there is a simple
counter tells something about the OS and perhaps the byte order.
But there is another argument for a random start value, which is
to protect those who don't read manuals and use the cipher
with a static key. Hope that they don't reboot so often that
the birthday paradox strikes again :-)

> But you've given another reason why they don't specify it: having
> one counter per system, rather than one per SA, is perfectly acceptable
> if you rekey at the right time.

Actually, the reason that I didn't suggest a per-system counter
wasn't that I'm concerned about overflow.
One is that for an API which accommodates everyone (including the
paranoid), some per-SA state will be needed anyway. I'm more
concerned about a sustaining API, and like to leave crypto
things to those who know more.
And the other is that a global counter would not only leak information
about the system as such but also about the activity of other IPsec
connections. I can't imagine that this would be acceptable for e.g. a
corporate tunnel endpoint.

best regards

Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren district court, No. HR B 3498
Chairman of the Supervisory Board: MinDirig Dr. Karl Eugen Huthmacher
Board of Directors: Prof. Dr. Achim Bachem (Chairman),
Dr. Ulrich Krafft (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
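
The point above about a global counter exposing the activity of other connections, as an added example that is not part of the original message: a small simulation comparing a per-system counter with per-SA counters that start at a random value. It assumes the counter value is sent in the clear as the per-packet IV; all class names, function names and the packet schedule are constructed for illustration.

```python
import secrets

MOD = 2 ** 64  # assumed 64-bit counter field


class GlobalCounter:
    """Per-system scheme: one counter shared by every SA, zero at boot."""

    def __init__(self):
        self.value = 0

    def next_iv(self, sa_id):
        self.value = (self.value + 1) % MOD
        return self.value


class PerSACounter:
    """Per-SA scheme: independent counter per SA, random start value."""

    def __init__(self):
        self.values = {}

    def next_iv(self, sa_id):
        if sa_id not in self.values:
            self.values[sa_id] = secrets.randbits(64)
        self.values[sa_id] = (self.values[sa_id] + 1) % MOD
        return self.values[sa_id]


def ivs_on_wire(allocator, schedule, watched_sa):
    """IVs visible to someone who can see only the packets of watched_sa."""
    seen = []
    for sa_id in schedule:
        iv = allocator.next_iv(sa_id)  # every SA draws from the allocator
        if sa_id == watched_sa:
            seen.append(iv)
    return seen


def foreign_packets_between(ivs):
    """Gap between consecutive IVs minus one: packets sent on *other* SAs."""
    return [(b - a - 1) % MOD for a, b in zip(ivs, ivs[1:])]


# Constructed schedule: order in which three SAs (A, B, C) send packets.
SCHEDULE = ["A", "B", "B", "B", "A", "C", "A", "A", "B", "A"]

if __name__ == "__main__":
    for scheme in (GlobalCounter(), PerSACounter()):
        ivs = ivs_on_wire(scheme, SCHEDULE, "A")
        print(type(scheme).__name__, foreign_packets_between(ivs))
```

With the shared counter, the gaps seen on tunnel A equal the packet counts of tunnels B and C, and the first IV reveals how many packets the system has sent since boot; with per-SA counters every gap is zero and the start value carries no such information.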
