tech-net archive


Re: why is SA lifetime kilobyte limit disabled in racoon?



smb%cs.columbia.edu@localhost said:
> In other words, a simple counter suffices.  Appendix B of the NIST
> standard (Special Publication 800-38A) says the same thing.

OK, thanks... So we'd need to extend the framework to be able to
choose a per-SA IV generation mechanism, and a place to store
its per-SA context... I'll try to get something coordinated
with the other BSDs. Someone already reading this???

A concern would be whether a simple counter leaks
too much meta information for the paranoid. At least it
would be a help to fingerprint the OS or estimate uptime.
(One can ask why, if a simple counter is good enough,
the authors of the specification didn't just make a
requirement of this. Then at least the fingerprinting
concern wouldn't arise.)
Or would it be a good idea to obfuscate the counter,
e.g. using some random bits and a 64-bit block cipher?

best regards
Matthias
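
The obfuscated-counter idea raised in the message above, sketched as an added example that is not part of the original post or of any BSD IPsec code. It assumes XTEA as the 64-bit block cipher and reads the "random bits" as a per-SA secret key; `struct sa_ivctx` and `sa_next_iv` are hypothetical names.

```c
/* Added example: per-SA IV generator that hides a simple packet counter
 * behind a 64-bit block cipher (XTEA is an assumption made here). */
#include <stdint.h>
#include <stdio.h>

#define XTEA_ROUNDS 32
#define XTEA_DELTA  0x9E3779B9u

/* Hypothetical per-SA context: secret random key plus a simple counter. */
struct sa_ivctx {
    uint32_t key[4];   /* assumed to be filled from the RNG at SA creation */
    uint64_t counter;  /* never appears on the wire in the clear */
};

static uint64_t xtea_encrypt(const uint32_t k[4], uint64_t blk) {
    uint32_t v0 = (uint32_t)(blk >> 32), v1 = (uint32_t)blk, sum = 0;
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

/* Inverse, included only to show the mapping is a bijection on 64 bits. */
static uint64_t xtea_decrypt(const uint32_t k[4], uint64_t blk) {
    uint32_t v0 = (uint32_t)(blk >> 32), v1 = (uint32_t)blk;
    uint32_t sum = XTEA_DELTA * XTEA_ROUNDS;
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

/* Next IV for a 64-bit-block CBC cipher: E_k(counter++). Encryption is a
 * permutation, so IVs stay unique until the counter wraps. */
static uint64_t sa_next_iv(struct sa_ivctx *c) {
    return xtea_encrypt(c->key, c->counter++);
}

int main(void) {
    /* Constructed sample key; a real SA would draw it from the RNG. */
    struct sa_ivctx sa = { { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u }, 0 };
    for (int i = 0; i < 4; i++)
        printf("IV %d: %016llx\n", i, (unsigned long long)sa_next_iv(&sa));
    return 0;
}
```

An observer without the per-SA key sees IVs that do not reveal the packet count, while the sender still only keeps a counter and a key per SA.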


