[Ace] More replay questions
"Jim Schaad" <ietf@augustcellars.com> Thu, 22 October 2015 19:53 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C0421B3EA4 for <ace@ietfa.amsl.com>; Thu, 22 Oct 2015 12:53:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.701
X-Spam-Level:
X-Spam-Status: No, score=-0.701 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dncz6IIfK1bg for <ace@ietfa.amsl.com>; Thu, 22 Oct 2015 12:53:44 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38D851B3EA3 for <Ace@ietf.org>; Thu, 22 Oct 2015 12:53:44 -0700 (PDT)
Received: from hebrews (winery.augustcellars.com [206.212.239.129]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 6D33A2CA2A for <Ace@ietf.org>; Thu, 22 Oct 2015 12:53:43 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: Ace@ietf.org
Date: Thu, 22 Oct 2015 12:51:01 -0700
Message-ID: <07d101d10d02$fb099560$f11cc020$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Thread-Index: AdEM/FFF01Gp/iL+R+esO1BkVWE8OA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/ace/8sTLxFRT39NPWuKkUBKiajt2GG0>
Subject: [Ace] More replay questions
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2015 19:53:45 -0000
I have a couple of more questions about replay 1. Is there any reason to think that relay protection is going to be wanted without the object security wrapper? I note that DTLS does provide some replay protection but not complete replay protection. It allows for the ability to do the "last n messages" check that you don't do a replay for one of those messages (or out of zone messages) but it does not allow for a high water mark style of replay protection (don't replay a messages sent before the last one I processed). How this is not supported can be seen from the following sequence of events: a) C sends message M1 b) C sends message M2 c) Proxy receives M2 and re-sends as M_p1 d) Proxy receives M1 and re-sends as M_p2 e) Server receives message M_p1 and processes f) Server receives message M_p2 and processes The proxy reversed the order of the messages, but sense it uses a different counter for the sequence number than what the client does the server cannot detect that M1 arrived after M2 and thus should not be processed. 2. Do you expect any intermediaries to help and do the same replay protection that you are getting at the endpoint? For example, would you expect the proxy in the previous example to potentially not re-send message M1 because it does not make the high water replay conditions? 3. Do you expect to apply replay protection before or after doing the cryptographic integrity checks? My expectation is that one should be doing this BEFORE doing any cryptographic operations. This says that putting it in the options might be better if it can be accessed faster. Would also say that making it an unprotected attribute is better as there would be one less decoding step required to use it. 4. Is there ever any reason to think that replay protection items might need to be encrypted? I have no idea if there would ever be any leakage of information here. I kind of doubt it. Jim
- [Ace] More replay questions Jim Schaad