
Re: [Hipsec] A question on the replay protection in HIP-base 08.draft



AFAICS, your understanding is basically correct.

However, IIRC, another consideration we had in mind was very limited hosts. It may be desirable to implement HIP on hosts where it is too costly to store the generation counter for all/some hosts. Furthermore, if you don't store the generation counter, you harm only yourself: you will become vulnerable to certain replay attacks, but that doesn't harm the Internet in the large. So, in the spirit of doing no harm, it seemed safest to allow hosts to pick their own policy depending on their resources etc.

--Pekka

On 31 Jul 2007, at 11:26, JiangXingFeng wrote:

Hi:
In section 4.1.4 of draft-ietf-hip-base-08, it says that
"Implementations MUST accept puzzles from the current generation and MAY
accept puzzles from earlier generations".


The generation counter is designed to protect against replay attacks in HIP. The
initiator should not accept an R1 with an earlier counter, but HIP uses the IP
protocol to transport messages and lacks reliability, so that the R1
message MAY be duplicated or arrive out of order. For the above reason, the draft says
that "initiator MAY accept puzzles from earlier generations". Is my
understanding right? If it is not, what is the reason for that statement?


Regards!
--
Jiang XingFeng
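To make the policy choice discussed above concrete, here is an added example (not code from the thread, the draft, or any HIP implementation) of an initiator's R1 generation-counter check. It assumes that "current generation" means the highest counter the initiator has seen from a given responder, and it models three local policies: strict (current generation only), lenient (earlier generations within a small window, to tolerate reordered or duplicated R1s), and stateless (a limited host that stores no counters and so accepts any generation, at its own risk).

```python
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    STRICT = "strict"        # accept only the current generation
    LENIENT = "lenient"      # also accept earlier generations within `window`
    STATELESS = "stateless"  # limited host: keeps no counters, accepts anything


@dataclass
class InitiatorState:
    """Per-initiator replay state: responder HIT -> highest R1 counter seen."""
    policy: Policy
    window: int = 0
    latest: dict = field(default_factory=dict)

    def check_r1(self, responder_hit: str, generation: int) -> bool:
        """Return True if an R1 carrying `generation` should be accepted."""
        if self.policy is Policy.STATELESS:
            # Nothing stored, so nothing to compare against: every R1 passes.
            return True
        seen = self.latest.get(responder_hit)
        if seen is None or generation >= seen:
            # First R1 from this responder, or a newer generation: it becomes
            # the current generation.
            self.latest[responder_hit] = generation
            return True
        # Earlier generation: either a delayed/duplicated R1 (harmless) or a
        # replayed one. Strict rejects; lenient tolerates a bounded gap.
        return self.policy is Policy.LENIENT and seen - generation <= self.window


def run_scenario(policy: Policy, window: int = 0) -> list:
    """Feed one constructed sequence of R1 arrivals through a policy.

    The responder HIT and counters are constructed sample values: two fresh
    generations, then the earlier one again (reordered/duplicate), then a
    much older one (looks like a replay).
    """
    state = InitiatorState(policy, window)
    arrivals = [("hit-responder-A", 5), ("hit-responder-A", 6),
                ("hit-responder-A", 5), ("hit-responder-A", 1)]
    return [state.check_r1(hit, gen) for hit, gen in arrivals]
```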




_______________________________________________
Hipsec mailing list
Hipsec at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec