Re: secure replacements for passwords


CERF@A.ISI.EDU
1 Mar 1987 10:48-EST


In the design of the TCP, we intended to detect half-open connections and
to resolve them by means of the RST criteria. The line of reasoning was
that the discovery would occur if an attempt were made to re-open an
already (from recipient perspective) open connection. Similarly, such a
half-open connection could be detected if a data packet were received
on an otherwise closed connection.

Once a connection had reached an established state, our primary objective
was to deal with integrity in the face of various failures included pre-
historic packets arriving at inopportune moments.

Now, there were so many possible ways to spoof things, given the right
level of access and control over the data flowing on the connection
that we appealed to cryptographic methods where serious spoofing was a
concern.

It looks as if we overlooked the fact that the SENDER of a precognitive
ACK might already have accepted bogus data. Our analysis, as I dimly
recall it, centered on a bogus (prehistoric) precognitive ACK which
had NOT actually been sent by the current party at the other end of
the connection. I believe we assumed that the probability of the other
side receiving a valid data packet which had NOT been sent was small
because of the size of the sequence number space and the probably age
of a packet which did, in fact, arrive so inopportunely sequence numbered.

The change you suggest might catch an attempt at spoofing, but I submit
that any serious concerns about spoofing are inadequately addressed by
anything less than and/end security techniques.

Ignoring spoofing, it is fair to say, in my view, that the scenario in
which an old packet engenders what looks like a precognitive ACK is
a bad case since the precognitive ACK will be sent after the data
recipient has accepted as valid an ancient piece of information.
Rather than quietly continuing the connection, this sounds serious
enough to warrant a more drastic indication of a problem.

It will be essential to assure that if a RST is used, it WILL
reset the connection if the other side really has accepted bad data
but will NOT reset it if the precognitive ACK is really prehistoric.

It will be very interesting to see what the other members of this
community have to say about the analysis and consequences.

Vint Cerf



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:37:43 GMT