
Re: WG last call for IPv4 AH and ESP

>  For that particular case (intermediate router sending an ICMP
>message and desiring to authenticate the ICMP message back to the
>sender), if a Security Association does not exist the router
>could sign it using its private key that is associated with its
>Eastlake-Kaufman signed public key available from the DNS and
>an RSA signature.  This scales as well as the DNS and hence
>as well as the Internet as a whole.

I hate to keep harping on the same theme, but this is vulnerable to
denial-of-service attacks based on the CPU time it takes to verify a
public key signature. I could pose as a router and flood hosts around
the net with bogus ICMP messages. The fact that the signatures won't
verify is immaterial if my goal is just to get a lot of hosts to waste
a lot of CPU time.

How many router-generated ICMP messages are all that critical anyway?
Years ago when we did Requirements for Internet Hosts we deprecated
the practice of abruptly resetting TCP connections when ICMP Host
Unreachables come in. I can't think of too much that I would want to
do automatically in response to an ICMP message. Certainly nothing
drastic and permanent like resetting a connection. The most I'd do is
to log the message for possible debugging or analysis.

About the only exception is ICMP source quench, which I might respond
to by temporarily throttling a TCP window. This presents some
opportunities to degrade quality of network service, but nothing
really serious.
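The two concerns raised in this reply, bounding the CPU a receiver spends verifying signatures on unsolicited ICMP and reacting to ICMP only in mild, reversible ways, can be combined into one host-side policy. The following is an added illustration, not code from this thread or from any of the drafts under discussion. It assumes a per-source and global budget on verification attempts (a token-bucket style cap), a stand-in `demo_verify` built on a keyed hash so it runs offline (a real deployment would verify the router's public-key signature instead), and constructed sample traffic; the addresses, keys and budget sizes are all made up for the example.

```python
# Added example (not from the mailing-list thread): a host-side policy that
# bounds the CPU a receiver will spend verifying signatures on unsolicited
# ICMP messages, and that reacts only to the ICMP types worth acting on.
import hashlib
import hmac
from collections import defaultdict, deque

# ICMP types named in the message; numbers are the standard IANA values.
ICMP_DEST_UNREACH = 3
ICMP_SOURCE_QUENCH = 4


class VerifyBudget:
    """Cap on signature verifications per claimed source and overall.

    A forged signature costs the sender nothing but costs the receiver a
    full public-key verification. Capping attempts per claimed source, and
    in total, bounds that cost regardless of how much bogus ICMP arrives."""

    def __init__(self, per_source, total, window):
        self.per_source = per_source   # verifications allowed per source per window
        self.total = total             # verifications allowed overall per window
        self.window = window           # window length in seconds
        self._by_source = defaultdict(deque)
        self._all = deque()

    def _prune(self, q, now):
        while q and now - q[0] >= self.window:
            q.popleft()

    def allow(self, src, now):
        """Return True (and spend one token) if a verification may run now."""
        q = self._by_source[src]
        self._prune(q, now)
        self._prune(self._all, now)
        if len(q) >= self.per_source or len(self._all) >= self.total:
            return False
        q.append(now)
        self._all.append(now)
        return True


def handle_icmp(messages, verify, budget):
    """Process (time, src, icmp_type, payload, signature) tuples.

    `verify` is the expensive check; it runs only inside the budget. Messages
    that fall outside the budget are logged and otherwise ignored, which is
    the reply's suggested default for ICMP anyway."""
    stats = {"verify_calls": 0, "verified_ok": 0, "verified_bad": 0,
             "unverified_logged": 0, "throttled_windows": 0,
             "reset_connections": 0}
    for now, src, icmp_type, payload, sig in messages:
        if not budget.allow(src, now):
            stats["unverified_logged"] += 1    # log only, spend no CPU
            continue
        stats["verify_calls"] += 1
        if not verify(src, payload, sig):
            stats["verified_bad"] += 1
            continue
        stats["verified_ok"] += 1
        if icmp_type == ICMP_SOURCE_QUENCH:
            stats["throttled_windows"] += 1    # temporary TCP window reduction
        # Destination Unreachable and everything else: log only, never reset.
    return stats


# Stand-in for per-router public keys: a constructed keyed-hash table so the
# example runs offline. Real deployments verify a public-key signature here.
ROUTER_KEYS = {"10.0.0.1": b"constructed-demo-key"}


def sign(src, payload):
    return hmac.new(ROUTER_KEYS[src], payload, hashlib.sha256).digest()


def demo_verify(src, payload, sig):
    key = ROUTER_KEYS.get(src)
    if key is None:
        return False
    return hmac.compare_digest(sign(src, payload), sig)


def demo():
    """Constructed traffic: one genuine source quench plus 1000 bogus messages
    claiming to come from a single unknown source."""
    budget = VerifyBudget(per_source=5, total=50, window=1.0)
    msgs = [(0.0, "10.0.0.1", ICMP_SOURCE_QUENCH, b"quench",
             sign("10.0.0.1", b"quench"))]
    for i in range(1000):
        msgs.append((0.001 * i, "192.0.2.99", ICMP_DEST_UNREACH,
                     b"bogus%d" % i, b"\x00" * 32))
    return handle_icmp(msgs, demo_verify, budget)


if __name__ == "__main__":
    print(demo())
```

With these numbers the receiver performs six verifications in total (one genuine, five failed) and merely logs the remaining 995 messages, so the verification cost no longer grows with the size of the flood. One caveat a practitioner would want stated: the per-source bucket is keyed on the claimed source address, which a sender controls, so the global cap is what actually bounds total spend; the per-source cap only keeps one noisy claimant from consuming the whole global budget.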