Opened 12 years ago

Closed 11 years ago

#205 closed defect (fixed)

HA protocol replay protection

Reported by: rsjenwar@… Owned by: Kalyani
Priority: normal Milestone:
Component: ipsecha-protocol Severity: Active WG Document
Keywords: Cc:

Description

Hi,

it seems to me we have created an overly complicated solution for replay protection of the Msg ID = 0 messages. Specifically, I think both the failover counter and the nonce can be eliminated.

Since the messages are protected under the IKE SA, we just need to ensure that in a correct run of the protocol, there is never any need to repeat previous messages. This can be done by including *both* Msg ID counters in each message, and specifying a few rules to make sure counters never go backwards.

Cluster member to client:

  • The counter I plan to use next (based on a traffic/rekey rate estimate, must be higher than the last message that was actually sent, otherwise it might be rejected)
  • The counter I think you will use next (the last known value, as received from the failed cluster member)

Client to cluster:

  • The counter I really plan to use next (must be equal to or higher than the received value)
  • The counter you said you will use next

And each side must accept incoming messages only if both values are equal to or larger than the corresponding one previously received from the same peer, and one of them is strictly larger than the previous value.

Am I missing anything?

Thanks,

Yaron

Change History (2)

comment:1 Changed 11 years ago by yaronf@…

  • Component changed from ipsec-ha to ipsecha-protocol

comment:2 Changed 11 years ago by yaronf@…

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in -03. The nonce is retained, but the failover counter is gone. Replaced by a tighter specification is the allowed counter values, so that legal protocol exchanges never look like replays.

Note: See TracTickets for help on using tickets.