Valery Smyslov <sva...@gmail.com> wrote:
    > So the only real defense against this attack is the unpredictability of SPIi.
    > Is it enough? I don't know. I would feel more comfortable if the initiator
    > puts the cookie at the end of the message, thus making this attack
    > infeasible:
    >
    > HDR, SAi1, KEi, Ni -->
    >                          <-- HDR, N(COOKIE)
    > HDR, SAi1, KEi, Ni, N(COOKIE) -->
    >
    > Note that this doesn't violate RFC 7296, since the payloads may come
    > in any order. However it may break some existing implementations...

It seems like good advice.
Perhaps this is worth an IKE 2.1 value --- an initiator that says 2.1 is
saying that it will always put the COOKIE last.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
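The payload-ordering point in the exchange above, as an added example that is not part of the thread or of any IKE implementation: a minimal IKE_SA_INIT encoder and decoder showing that a responder which walks the next-payload chain recovers N(COOKIE) whether it is the first or the last payload, plus a stateless cookie in the shape RFC 7296 section 2.6 gives. The SHA-256 hash, the secret, SPIi, nonce and address values are assumptions.

```python
import hashlib, hmac, struct
# Payload types, the COOKIE notify type and header constants from RFC 7296.
PAYLOAD_SA, PAYLOAD_KE, PAYLOAD_NONCE, PAYLOAD_NOTIFY, NO_NEXT = 33, 34, 40, 41, 0
NOTIFY_COOKIE = 16390
EXCH_IKE_SA_INIT, IKE_VERSION, FLAG_INITIATOR, HDR_LEN = 34, 0x20, 0x08, 28

def notify_payload(notify_type, data):
    """Notify payload body with no SPI: Protocol ID 0, SPI Size 0, type, data."""
    return struct.pack("!BBH", 0, 0, notify_type) + data

def build_ike_sa_init(spi_i, payloads):
    """Serialise HDR plus a next-payload chain of (type, body) in the given order."""
    out = b""
    for i, (ptype, body) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else NO_NEXT
        out += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    hdr = struct.pack("!8s8sBBBBII", spi_i, bytes(8), payloads[0][0], IKE_VERSION,
                      EXCH_IKE_SA_INIT, FLAG_INITIATOR, 0, HDR_LEN + len(out))
    return hdr + out

def parse_payloads(msg):
    """Walk the chain from HDR; return (SPIi, [(type, body)]) in wire order."""
    spi_i, _, nxt, _, _, _, _, _ = struct.unpack("!8s8sBBBBII", msg[:HDR_LEN])
    pos, found = HDR_LEN, []
    while nxt != NO_NEXT:
        nxt2, _, plen = struct.unpack("!BBH", msg[pos:pos + 4])
        if plen < 4 or pos + plen > len(msg):
            raise ValueError("bad payload length")
        found.append((nxt, msg[pos + 4:pos + plen]))
        nxt, pos = nxt2, pos + plen
    return spi_i, found

def stateless_cookie(secret_version, secret, ni, ip_i, spi_i):
    """RFC 7296 s2.6 shape <VersionIDofSecret> | Hash(Ni | IPi | SPIi | secret); SHA-256 assumed."""
    return bytes([secret_version]) + hashlib.sha256(ni + ip_i + spi_i + secret).digest()

def cookie_position(payloads):
    """(index, cookie bytes) of N(COOKIE) wherever it sits in the chain, or None."""
    for i, (ptype, body) in enumerate(payloads):
        if ptype == PAYLOAD_NOTIFY and body[:4] == struct.pack("!BBH", 0, 0, NOTIFY_COOKIE):
            return i, body[4:]
    return None

def responder_accepts(msg, secret_version, secret, ip_i):
    """Accept a valid cookie in any position: RFC 7296 lets payloads come in any order."""
    spi_i, payloads = parse_payloads(msg)
    ni = next((b for t, b in payloads if t == PAYLOAD_NONCE), b"")
    hit = cookie_position(payloads)
    return hit is not None and hmac.compare_digest(
        hit[1], stateless_cookie(secret_version, secret, ni, ip_i, spi_i))
```

A responder written this way is unaffected by an initiator that moves N(COOKIE) to the end, which is the compatibility question Valery raises.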