"ISAKMP" flaws?

William Allen Simpson wsimpson at greendragon.com
Fri Nov 18 13:35:30 EST 2005


Florian Weimer wrote:
> Photuris uses a baroque variable-length integer encoding similar to
> that of OpenPGP, a clear warning sign. 8-/ 

On the contrary:

  + a VERY SIMPLE "variable-length integer encoding", where every number
    has EXACTLY ONE possible representation (unlike ASN.1 which even the
    spell-checker wants to replace with asinine).

  + "similar to that of OpenPGP", the most common Open Source security
    software of the era, where the code could be easily reused (as it
    was in the initial implementation).


> The protocol also contains
> nested containers which may specify conflicting lengths.  This is one
> common source of parser bugs.
> 
On the contrary, where are internal nested containers in the protocol?

However, as most things that cross the INTER-net, the packets are
encapsulated in UDP, IP, and some media frame, all of which may have
their own length.  That's why there are copious "implementation notes",
saying for example:

    When processing datagrams containing variable size values, the length
    must be checked against the overall datagram length.  An invalid size
    (too long or short) that causes a poorly coded receiver to abort
    could be used as a denial of service attack.

I remember some observers complaining about the 17 warnings concerning
comparing the variable length to the UDP length, saying it cluttered
the specification.

I remember some implementers cheering about the 17 warnings concerning
comparing the variable length to the UDP length, saying it helped
clarify the specification as they wrote the code.

I defy you to find an INTER-net protocol without RTP/TCP/UDP, IP, and
media framing....

At the time, I only had 17 years of protocol implementation experience.
Another decade later, it still seems (to me) one of my better efforts.

Again, the ISAKMP flaws were foreseeable and avoidable.  And Photuris
was written before the existence of ISAKMP.

-- 
William Allen Simpson
     Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
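The two defensive points in the reply above, a variable-length integer with exactly one representation and a receiver that checks every variable-size value against the overall datagram length, can be shown together in a small parser. The example below is added here and is not code from the thread, from Photuris, or from OpenPGP; it assumes a hypothetical OpenPGP/MPI-style encoding (a two-octet count of significant bits followed by the minimal number of octets) and a hypothetical datagram layout (a two-octet item count followed by that many integers). The decoder rejects an encoding whose bit count does not match the value actually carried, and it bounds every read by the datagram length it was handed rather than by the length field inside the value.

```python
import struct


class MalformedDatagram(ValueError):
    """Raised for any datagram the receiver refuses; the caller drops the
    packet instead of aborting, so a bad length is not a denial of service."""


def encode_vpi(value: int) -> bytes:
    """Hypothetical MPI-style encoding: 2-octet count of significant bits,
    then the minimal big-endian octets.  Because the bit count is derived
    from the value, every integer has exactly one encoding."""
    if value < 0:
        raise ValueError("only non-negative integers are encoded")
    nbits = value.bit_length()
    return struct.pack("!H", nbits) + value.to_bytes((nbits + 7) // 8, "big")


def decode_vpi(buf: bytes, offset: int, end: int) -> tuple[int, int]:
    """Decode one integer at `offset`, never reading at or past `end`,
    which is the end of the enclosing datagram (the UDP payload length),
    not anything claimed inside the packet.  Returns (value, new_offset)."""
    if offset + 2 > end:
        raise MalformedDatagram("size field runs past datagram end")
    nbits = struct.unpack_from("!H", buf, offset)[0]
    offset += 2
    nbytes = (nbits + 7) // 8
    # The inner length is checked against the outer length before any read.
    if offset + nbytes > end:
        raise MalformedDatagram("value runs past datagram end")
    value = int.from_bytes(buf[offset:offset + nbytes], "big")
    # Canonical form: the declared bit count must equal the value's real
    # bit length.  This rejects both padding with leading zero octets and
    # a value that is wider than its declared size.
    if value.bit_length() != nbits:
        raise MalformedDatagram("non-canonical encoding")
    return value, offset + nbytes


def parse_datagram(dgram: bytes) -> list[int]:
    """Hypothetical datagram: 2-octet item count, then that many integers.
    The whole buffer must be consumed exactly; short or long is an error."""
    end = len(dgram)
    if end < 2:
        raise MalformedDatagram("datagram too short for item count")
    count = struct.unpack_from("!H", dgram, 0)[0]
    offset = 2
    values = []
    for _ in range(count):
        value, offset = decode_vpi(dgram, offset, end)
        values.append(value)
    if offset != end:
        raise MalformedDatagram("trailing octets after last value")
    return values


def check(dgram: bytes) -> str:
    """Receiver front end: returns "ok" or the reason the packet was dropped."""
    try:
        parse_datagram(dgram)
        return "ok"
    except MalformedDatagram as exc:
        return str(exc)


# Constructed sample datagrams (not captured traffic).
GOOD = b"\x00\x02" + encode_vpi(1) + encode_vpi(0x1234)
TRUNCATED = b"\x00\x01\x00\x20\x12"          # claims 32 bits, carries one octet
TRAILING = GOOD + b"\x00"                     # one octet beyond the last value
PADDED = b"\x00\x01\x00\x10\x00\xff"          # 0xff declared as 16 bits
OVERWIDE = b"\x00\x01\x00\x07\xff"            # 0xff declared as 7 bits

if __name__ == "__main__":
    for name, dgram in [("GOOD", GOOD), ("TRUNCATED", TRUNCATED),
                        ("TRAILING", TRAILING), ("PADDED", PADDED),
                        ("OVERWIDE", OVERWIDE)]:
        print(f"{name:10s} {dgram.hex():24s} -> {check(dgram)}")
```

The receiver's only trusted length is the one the transport delivered; every inner length is compared against it before a single octet is read, which is the check the quoted implementation note asks for. The canonical-form test is what makes the encoding unambiguous: two byte strings that decode to the same integer cannot both be accepted, so a signature or hash computed over the encoding cannot be confused by re-encoding.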