From owner-freebsd-arch Wed Jul 25 18:38:25 2001 Delivered-To: freebsd-arch@freebsd.org Received: from tp.databus.com (p101-46.acedsl.com [160.79.101.46]) by hub.freebsd.org (Postfix) with ESMTP id CBE0937B405; Wed, 25 Jul 2001 18:38:18 -0700 (PDT) (envelope-from barney@tp.databus.com) Received: (from barney@localhost) by tp.databus.com (8.11.4/8.11.4) id f6Q1cCi29162; Wed, 25 Jul 2001 21:38:12 -0400 (EDT) (envelope-from barney) Date: Wed, 25 Jul 2001 21:38:12 -0400 From: Barney Wolff To: Sean Chittenden Cc: Mike Silbersack , Barney Wolff , arch@FreeBSD.ORG, net@FreeBSD.ORG Subject: Re: TCP sequence numbers: RFC1948 patch ready for testing Message-ID: <20010725213812.A28964@tp.databus.com> References: <20010725032805.A21133@tp.databus.com> <20010725185434.V35719-100000@achilles.silby.com> <20010725173859.C65546@rand.tgd.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010725173859.C65546@rand.tgd.net>; from sean-freebsd-arch@chittenden.org on Wed, Jul 25, 2001 at 05:38:59PM -0700 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Existing sessions would not be broken by rekeying. The risk is that some new session might fail - and this can happen any time a new session with the same tuple starts shortly after an old session which spans the rekeying event ends. If it becomes possible to brute-force (or smart-sneak) reverse MD5 in less time than the life of the Universe, the right answer is to change the hash, not to rekey. You guys don't seem to want to believe RFC1948: Note that the secret cannot easily be changed on a live machine. Doing so would change the initial sequence numbers used for reincarnated connections; to maintain safety, either dead connection state must be kept or a quiet time observed for two maximum segment lifetimes after such a change. Have you asked Steve Bellovin whether he still stands by those words? He's not that unapproachable, despite being one of the most prominent folks in computer networking and security around. But he earned that reputation by being right, pretty close to 100% of the time. Barney On Wed, Jul 25, 2001 at 05:38:59PM -0700, Sean Chittenden wrote: > > > 2. By rekeying you risk violating the monotonicity of the isn across > > > the rekeying, which is the whole point of not just doing random isn. > > > > I'll go ahead and remove the isn_offset addition. I'm not really willing > > to remove the rekeying, though; we can't say that a faster method of brute > > force attack will not arise. Would a longer rekeying interval such as a > > day or two suffice? I'm not concerned about rekeying breaking a few > > connections given that it will only happen occasionally. > > While I agree that rekeying isn't something that should be > removed, I am concerned with your last sentence. Breaking TCP sessions > strikes me as an indicator that there needs to be some way of > configuring this. Is there any chance you could make this a tunable > variable through sysctl such as the number of seconds between rekeying? > > Along similar lines, given that rekeying can be done lazily, > would it be possible to rekey through the use of an external program > that would be called by cron? If TCP sessions are going to be dropped, > I want to be able to control, know, and plan when without giving up the > added TCP security that this patch provides. -sc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message