
Re: End to End integrity

Perry:

Before Christmas, you said:
     I'll point out something that we didn't discuss in sufficient detail 
     in San Jose. For very good reasons (so that you can have guarantees 
     about the integrity of the addresses) Ran's spec for v6 includes a 
     pseudoheader consisting of the invariant parts of the header of the IP 
     datagram in his authentication header. I strongly feel we should be 
     specifying something similar. This is doubly important in the 
     multicast case where a third party could simply re-label the origin of 
     the packet without any knowledge at all of the contents or key and 
     still have it check out just fine if the origin and destination 
     addresses are changed.

In a multicast environment, source address is important, but destination 
address is not very important.  The multicast SAID indicates that the datagram 
is protected for the group, but offers no information about the originator.  If 
the datagram decrypts and integrity checks correctly, then the recipient can be 
confident that the datagram was sent by one of the multicast group members.  
Inclusion of the source address in the protected portion of the datagram will 
allow limited authentication.  It ensures that no one outside the multicast group
could have modified a previous transmission by one of the multicast group 
members; however, it does not prohibit one of the multicast group members from 
playing the same trick since multicast group members have access to the 
appropriate keys.

The IEEE 802.10b Secure Data Exchange (SDE) protocol allows the originator to 
include a source address in the protected header for the reasons that you cite. 
The standard also explains the concern that I express above, and we should do 
the same if we add a protected source address to our format.

Russ
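The three situations discussed above (an outsider re-labelling a datagram whose integrity check does not cover the source address, the same re-labelling once the source address is folded into the protected pseudoheader, and a group member who holds the key doing it anyway), as an added worked example that is not part of the original message or of the SDE or IPv6 specifications it mentions. HMAC-SHA256 stands in for whatever integrity algorithm the SAID would select; the addresses, SAID and group key are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Datagram:
    """A simplified IP datagram with an authentication header.
    Addresses and the SAID are constructed sample values, not real traffic."""
    src: str          # source address (an invariant header field)
    dst: str          # multicast group address
    said: int         # Security Association IDentifier shared by the group
    payload: bytes
    icv: bytes = b""  # integrity check value filled in by seal()


def icv_over(key: bytes, dg: Datagram, protect_source: bool) -> bytes:
    """Compute the ICV. With protect_source=True the source address is folded
    into the MAC input as a pseudoheader, as proposed in the thread."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    if protect_source:
        h.update(dg.src.encode())
    h.update(dg.said.to_bytes(4, "big"))
    h.update(dg.payload)
    return h.digest()


def seal(key: bytes, dg: Datagram, protect_source: bool) -> Datagram:
    """Attach an ICV computed under the group key."""
    return replace(dg, icv=icv_over(key, dg, protect_source))


def verify(key: bytes, dg: Datagram, protect_source: bool) -> bool:
    """Recipient-side check: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(dg.icv, icv_over(key, dg, protect_source))


def relabel_source(dg: Datagram, new_src: str) -> Datagram:
    """Rewrite only the source address field; payload and ICV are untouched.
    This needs no knowledge of the key or of the contents."""
    return replace(dg, src=new_src)


def demo() -> dict:
    group_key = b"constructed-group-key-not-a-real-secret"  # shared by all members
    member_a, member_b, group = "fe80::a", "fe80::b", "ff0e::1"
    original = Datagram(member_a, group, 42, b"hello group")
    results = {}

    # 1. ICV over SAID and payload only: a re-labelled datagram still
    #    checks out, which is the concern quoted in the message.
    sealed = seal(group_key, original, protect_source=False)
    results["outsider_relabel_payload_only_icv"] = verify(
        group_key, relabel_source(sealed, member_b), protect_source=False)

    # 2. ICV over source address, SAID and payload: the same re-labelling
    #    is now rejected by every recipient.
    sealed = seal(group_key, original, protect_source=True)
    results["outsider_relabel_with_source_icv"] = verify(
        group_key, relabel_source(sealed, member_b), protect_source=True)

    # 3. A group member holds the key, so it can re-label and re-seal; the
    #    recipient can only conclude "sent by some group member", which is
    #    the limit of the authentication the reply describes.
    reforged = seal(group_key, relabel_source(original, member_b),
                    protect_source=True)
    results["member_relabel_with_source_icv"] = verify(
        group_key, reforged, protect_source=True)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'verifies' if ok else 'rejected'}")
```

Case 2 is what the protected pseudoheader buys; case 3 is why the guarantee stays "limited" under a single group key, and why the standard text should say so.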