Re: [tcpm] tcp-auth-opt issue: replay protection

Joe Touch <touch@ISI.EDU> Wed, 30 July 2008 23:18 UTC

Return-Path: <>
Received: from [] (localhost []) by (Postfix) with ESMTP id 3CE5A3A67E5; Wed, 30 Jul 2008 16:18:38 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1A4493A68A1 for <>; Wed, 30 Jul 2008 16:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8lS-tRblx0L1 for <>; Wed, 30 Jul 2008 16:18:36 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 104913A67AA for <>; Wed, 30 Jul 2008 16:18:36 -0700 (PDT)
Received: from [] ( []) by (8.13.8/8.13.8) with ESMTP id m6UNIPTi023868 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 30 Jul 2008 16:18:28 -0700 (PDT)
Message-ID: <>
Date: Wed, 30 Jul 2008 16:17:50 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird (Windows/20080708)
MIME-Version: 1.0
To: Adam Langley <>
References: <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 0.95.6
X-ISI-4-43-8-MailScanner: Found to be clean
Subject: Re: [tcpm] tcp-auth-opt issue: replay protection
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"

Hash: SHA1

Adam Langley wrote:
| The ESN is just a 64-bit sequence number. The SEQ field in the TCP
| header is just the lower 32-bits of this counter. Thus, for the
| half-connection from A to B, A knows the ESN exactly for every packet.
| For a packet recved by B, it guesses the ESN based on the closest
| value to it's last understanding. An example for B:
| At the beginning of the connection, B knows the ESN for the A->B half
| connection exactly: top 32-bits are 0, bottom 32-bits from the
| handshake.
| For each packet recved it gets the low 32-bits of the ESN, now assume
| that that the ESN is the closest of the 2**32 possible ESN's to the
| previous value of the ECN.

Can you explain the algorithm for "closest"?

| Update the previous value with this new guess.
| This is very easy code.
| Any packets which are reordered > 2**32 sequence bytes will be
| misclassified and dropped, but 2**32 sequence bytes is a long way.

<individual hat on>

If you update the ESN on the first packet whose Seqno causes you to
determine a rollover, won't any packets that are reordered around it be
dropped? i.e.:

	packets with higher seqnos that arrive earlier cause
	the ESN to be updated earlier; all subsequent packets
	with the pre-increment ESN would be droppped

<individual hat off>
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -

tcpm mailing list