Valery Smyslov <sva...@gmail.com> wrote:
    > So the only real defense against this attack is an unpredictability of SPIi.
    > Is it enough? I don't know. I would feel more comfortable if initiator
    > puts the cookie at the end of the message, thus making this attack
    > infeasible:

    > HDR, SAi1, KEi, Ni  -->
    > <--  HDR, N(COOKIE)
    > HDR, SAi1, KEi, Ni, N(COOKIE) -->

    > Note that this doesn't violate RFC 7296, since the payloads may come
    > in any order. However it may break some existing implementations...

It seems like good advice.
Perhaps this is worth an IKE 2.1 value --- an initiator that says 2.1
is saying that it will always put the COOKIE last.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
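An added example, not code from this thread or from any IKE implementation: a small responder-side checker for the ordering Valery proposes. It walks the payload chain of an IKE_SA_INIT request and reports whether N(COOKIE) is present and is the final payload. Payload type numbers, the COOKIE notify value and the header layout follow RFC 7296; the SA/KE/nonce bodies are constructed placeholders, not real encodings.

```python
import struct

# IKEv2 values from RFC 7296: payload types, notify type, exchange type.
PAYLOAD_SA, PAYLOAD_KE, PAYLOAD_NONCE, PAYLOAD_NOTIFY = 33, 34, 40, 41
NO_NEXT_PAYLOAD = 0
NOTIFY_COOKIE = 16390
EXCHANGE_IKE_SA_INIT = 34
HDR_FMT, HDR_LEN = "!8s8sBBBBII", 28   # SPIi, SPIr, next, version, exch, flags, msgid, length

def notify_cookie(cookie: bytes) -> bytes:
    """Notify payload body: protocol ID 0, SPI size 0, type COOKIE, then the cookie itself."""
    return struct.pack("!BBH", 0, 0, NOTIFY_COOKIE) + cookie

def build_ike_sa_init(spi_i: bytes, payloads) -> bytes:
    """Assemble an IKE_SA_INIT request from (payload_type, body) tuples, in the given order.
    Bodies here are constructed placeholders; only the chaining is realistic."""
    chain = b""
    for idx, (ptype, body) in enumerate(payloads):
        nxt = payloads[idx + 1][0] if idx + 1 < len(payloads) else NO_NEXT_PAYLOAD
        chain += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body   # generic payload header
    first = payloads[0][0] if payloads else NO_NEXT_PAYLOAD
    hdr = struct.pack(HDR_FMT, spi_i, bytes(8), first, 0x20, EXCHANGE_IKE_SA_INIT,
                      0x08, 0, HDR_LEN + len(chain))                 # flags 0x08 = Initiator
    return hdr + chain

def payloads_of(msg: bytes):
    """Walk the payload chain and return [(payload_type, body), ...] in wire order."""
    _spi_i, _spi_r, nxt, _ver, _xchg, _flags, _msgid, length = struct.unpack(HDR_FMT, msg[:HDR_LEN])
    if length != len(msg):
        raise ValueError("header length does not match message length")
    out, off = [], HDR_LEN
    while nxt != NO_NEXT_PAYLOAD:
        nxt_after, _crit, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        out.append((nxt, msg[off + 4:off + plen]))
        nxt, off = nxt_after, off + plen
    return out

def cookie_is_last(msg: bytes) -> bool:
    """True only when the request carries exactly one N(COOKIE) and it is the final payload."""
    pl = payloads_of(msg)
    cookie_idx = [i for i, (t, body) in enumerate(pl)
                  if t == PAYLOAD_NOTIFY and len(body) >= 4
                  and struct.unpack("!H", body[2:4])[0] == NOTIFY_COOKIE]
    return cookie_idx == [len(pl) - 1]
```

A responder following the "cookie last" convention would reject a retransmission where the check fails, so an attacker cannot reuse the front of a message captured before the cookie was issued.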
