
RE: C API: minor comments



At 06:07 PM 11/15/99 -0800, Paul Leach (Exchange) wrote: 
> How? If the attacker does not know what ID is being used,
> and chooses the wrong one, then it will be detectable and
> the spoofed message can be discarded.

Well, if she spoofs results to a client, you need to know
the message id used (and other specifics of the request).
This assumes you can read what the client is sending and
match your responses.

If she is spoofing the server, then she only needs to pick
an ID which is not outstanding.  Zero or any recently
completed message id is very unlikely to conflict
with future requests.

And if you can spoof, i.e., insert/remove bytes from the
stream, then frankly, the spoofer can translate around
any message ID conflicts between what it's doing and
what the client/server are doing.

It's my opinion that use of a counter creates no significant
security risk.  It's my opinion that initializing the counter
to a random value does not improve security.  It's my opinion
that use of random sequence would weaken security (because
of added implementation complexity).

>> Note: the last sentence is consistent with RFC2251. 
>If your proposal is consistent with 2251, then mine should be too.

I quote from RFC2251: "Typical clients increment a counter for each
request."

Your statement is false.  It's atypical for LDAP implementations to
"start with a random number between 1 and 2147483647."

Those who worry about being spoofed should be deploying TLS and other
security transport technologies.

>> If this is a security risk, I suggest adding a security consideration to 
>> both RFC2251 and this draft stating the applications concerned 
>> about spoofing should utilize a secure transport. 

>Use of random initial sequence numbers has been known for a long time to
>improve the security of TCP against session hijacking attacks, without
>requiring the use of a secure transport, which will be unavailable for
>anonymous connections. I see no reason not to recommend it here.

TCP sequence numbers and LDAP messageIDs are apples and oranges.
In particular, LDAP messageIDs are not necessarily sequenced.

Kurt
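The client-side bookkeeping the exchange above argues about, as an added example that is not part of the thread and not code from any LDAP implementation: a client that allocates messageIDs from a counter as RFC 2251 describes (non-zero, at most 2^31-1, wrapping), remembers which IDs are outstanding, and drops any response whose ID does not match an outstanding request. The class and function names, and the two-request exchange in `simulate`, are constructed for illustration; the starting value of the counter is a parameter so the same check can be run with a fixed or an arbitrary start.

```python
MAX_MESSAGE_ID = 2**31 - 1  # RFC 2251: messageID is INTEGER (0 .. maxInt)


class LdapClientIds:
    """Tracks the messageIDs a client has issued and not yet seen answered
    (constructed helper, not an LDAP library API)."""

    def __init__(self, start=1):
        # RFC 2251 requires a non-zero ID for requests; 0 is reserved for
        # unsolicited notifications from the server.
        if not 1 <= start <= MAX_MESSAGE_ID:
            raise ValueError("initial messageID must be in 1..2^31-1")
        self._next = start
        self._outstanding = {}   # messageID -> request description
        self.discarded = []      # (messageID, reason) for dropped PDUs

    def send(self, request):
        """Allocate the next counter value, wrapping past maxInt to 1 and
        skipping any ID that is still outstanding."""
        for _ in range(MAX_MESSAGE_ID):
            mid = self._next
            self._next = 1 if mid == MAX_MESSAGE_ID else mid + 1
            if mid not in self._outstanding:
                self._outstanding[mid] = request
                return mid
        raise RuntimeError("every messageID is outstanding")

    def receive(self, message_id, final=True):
        """Return the request a response belongs to, or None when the client
        has no outstanding request with that ID (the PDU is dropped)."""
        request = self._outstanding.get(message_id)
        if request is None:
            reason = "unsolicited notification" if message_id == 0 else "not outstanding"
            self.discarded.append((message_id, reason))
            return None
        if final:  # last response PDU for this request, e.g. SearchResultDone
            del self._outstanding[message_id]
        return request


def simulate(start):
    """Constructed exchange: two genuine requests, one genuine reply, then two
    stray replies whose IDs no request is waiting on, then the second genuine
    reply. Returns (accepted_requests, discarded_ids) so the outcome can be
    compared across different counter starting points."""
    client = LdapClientIds(start)
    bind_id = client.send("bindRequest")
    search_id = client.send("searchRequest")
    accepted = []

    matched = client.receive(bind_id)        # genuine bindResponse
    if matched is not None:
        accepted.append(matched)

    # Stray PDUs (constructed): one reusing the already-completed bind ID
    # and one carrying messageID 0. Neither matches an outstanding request,
    # whatever value the counter started at.
    client.receive(bind_id)
    client.receive(0)

    matched = client.receive(search_id)      # genuine searchResultDone
    if matched is not None:
        accepted.append(matched)
    return accepted, [mid for mid, _ in client.discarded]


if __name__ == "__main__":
    for start in (1, 123456):
        print(start, simulate(start))
```

Running `simulate` with a counter starting at 1 and with an arbitrary start gives the same accepted list and the same number of discarded PDUs: the check that protects the client is "does this ID belong to a request I have in flight", and that check is unaffected by where the counter began. What it cannot do is reject a response that carries an ID the client really did issue, which is why the message above points to a secure transport rather than ID selection for anyone worried about an attacker who can read and alter the stream.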