Sequence Number field for manually configured SAs
"Steve Klein (254-5623)" <steveklein@vnet.ibm.com> Mon, 28 July 1997 13:06 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id JAA20958 for ipsec-outgoing; Mon, 28 Jul 1997 09:06:52 -0400 (EDT)
Message-Id: <199707281316.JAA29407@relay.hq.tis.com>
Date: Mon, 28 Jul 1997 09:11:49 -0400
From: "Steve Klein (254-5623)" <steveklein@vnet.ibm.com>
To: ipsec@tis.com
Subject: Sequence Number field for manually configured SAs
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
I am confused on how the Sequence Number field for ESP should be handled for manually configured SAs, especially with respect to implicit IVs.

The latest ESP draft, draft-ietf-ipsec-esp-v2-00.txt (dated 21 July 1997), contains the following two passages:

   2.2 Sequence Number

   . . .

   The Sequence Number is mandatory. It is always included in an ESP packet, to ensure alignment of the Payload field on an 8-byte boundary (in support of IPv6). Even if authentication is not selected as a security service for the SA, or if ESP is employed in an IPv4 environment, this field MUST be present. Processing of the Sequence Number field is at the discretion of the receiver, i.e., the sender MUST always transmit this field, but the receiver need not act upon it (see the discussion of Sequence Number Verification in the "Inbound Processing" section below).

   5. Conformance Requirements

   . . .

   If the key used to compute an ICV is manually distributed, correct provision of the anti-replay service would require correct maintenance of the counter state at the transmitter, until the key is replaced, and there likely would be no automated recovery provision if counter overflow were imminent. Thus a compliant implementation SHOULD NOT provide this service in conjunction with SAs that are manually keyed.

Based on these passages, one could assume that for manual SAs you should send the Sequence Number field in the ESP but not increment any counters (to avoid the rollover of the field).

The latest ESP DES-CBC transform draft, draft-ietf-ipsec-ciph-des-derived-00.txt (dated July 1997), contains the following passage:

   5.1. ESP Sequence Number

   The Sequence Number is a 32-bit (4 byte) unsigned counter. This field protects against replay attacks, and may also be used for synchronization by stream or block-chaining ciphers. When configured manually, the first value sent SHOULD be a random number. The limited anti-replay security of the sequence of datagrams depends upon the unpredictability of the values.

This passage leads me to believe that for manually configured ESP SAs, one should initialize the Sequence Number field to a random number, increment the field for each subsequent packet, and not worry about the rollover of the field.

Which interpretation is correct?

I assume the same interpretation would also apply to the handling of the Sequence Number field in the manually configured AH SAs.

Steve Klein
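The following is an added Python model of the two sides of the question above; it is not code from either draft or from the poster. It assumes the inbound "Sequence Number Verification" is the usual IPsec bitmask sliding window (highest value accepted on the right, one bit per earlier value), and the class and function names (EspSender, EspReceiver, SequenceExhausted, demo) are invented here. The sender always emits the 32-bit field, may start from a random value as the DES-CBC transform draft suggests, and refuses to wrap because a manually keyed SA has no automated rekey; the receiver's window can be switched off, which is the "SHOULD NOT provide this service" case for manual keys.

```python
"""Added example: ESP sequence-number handling modelled for a manually keyed SA.

Not code from the drafts. EspSender models the outbound counter; EspReceiver
models the inbound sliding-window check (the bitmask construction is assumed).
"""
import secrets

SEQ_BITS = 32
SEQ_MAX = (1 << SEQ_BITS) - 1          # 0xFFFFFFFF, last usable field value


class SequenceExhausted(Exception):
    """Raised when the next increment would roll the 32-bit field over."""


class EspSender:
    """Outbound side: the field is mandatory, so a value is produced for every packet."""

    def __init__(self, initial=None):
        # Random first value, as the DES-CBC transform draft suggests for manual
        # SAs; a caller may pin a value (used below for a reproducible demo).
        self.seq = secrets.randbelow(SEQ_MAX + 1) if initial is None else initial

    def packets_until_wrap(self):
        """Packets that can still be sent before the field would roll over."""
        return SEQ_MAX - self.seq + 1

    def next_seq(self):
        """Value to place in the ESP header of the next packet."""
        if self.seq > SEQ_MAX:
            # A manual SA cannot rekey automatically, so stop rather than wrap:
            # wrapping would let earlier packets pass a fresh window.
            raise SequenceExhausted("manual SA must be re-keyed by hand")
        value = self.seq
        self.seq += 1
        return value


class EspReceiver:
    """Inbound side: optional verification with a sliding bitmask window."""

    def __init__(self, window_size=64, anti_replay=True):
        self.size = window_size
        self.anti_replay = anti_replay
        self.right = 0     # highest sequence number accepted so far
        self.mask = 0      # bit i set => value (right - i) already accepted

    def accept(self, seq):
        """True if the packet passes, False if it is a replay or older than the window.

        In a real implementation the window is only updated after the ICV has
        verified; here the caller is assumed to have done that already.
        """
        if not self.anti_replay:
            return True    # field is parsed but never acted upon
        if seq > self.right:
            shift = seq - self.right
            if shift >= self.size:
                self.mask = 1
            else:
                self.mask = ((self.mask << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        behind = self.right - seq
        if behind >= self.size:
            return False   # too old to be tracked
        if (self.mask >> behind) & 1:
            return False   # duplicate
        self.mask |= 1 << behind
        return True


def demo():
    """Constructed scenario exercising wrap refusal, replay detection and the off switch."""
    # Sender pinned three values below the top of the field.
    tx = EspSender(initial=SEQ_MAX - 2)
    sent = [tx.next_seq() for _ in range(tx.packets_until_wrap())]
    try:
        tx.next_seq()
        refused = False
    except SequenceExhausted:
        refused = True
    # Receiver with verification on: a replay (101) and a stale value (20) are rejected.
    rx = EspReceiver(window_size=64)
    verdicts = [rx.accept(s) for s in (100, 101, 103, 101, 102, 20, 200)]
    # Same stream with verification off, the manual-key SHOULD NOT case.
    rx_off = EspReceiver(anti_replay=False)
    verdicts_off = [rx_off.accept(s) for s in (100, 101, 101)]
    return {
        "sent": sent,
        "refused_to_wrap": refused,
        "verdicts": verdicts,
        "verdicts_no_antireplay": verdicts_off,
        # A random start shortens the SA's life: from 3,000,000,000 only ~1.29e9 packets remain.
        "remaining_from_random_start": EspSender(initial=3_000_000_000).packets_until_wrap(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The last entry of `demo()` is the point the two quoted passages pull against each other: starting from a random value hides the counter's origin, but it also brings the rollover the conformance section worries about closer, and on a manual SA nothing rekeys when it arrives.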
- Sequence Number field for manually configured SAs Steve Klein (254-5623)
- Re: Sequence Number field for manually configured… William Allen Simpson
- Re: Sequence Number field for manually configured… Rodney Thayer
- Re: Sequence Number field for manually configured… Dan McDonald
- Re: Sequence Number field for manually configured… Stephen Kent