
Re: Field Variance Analysis




Hilarie Orman writes:
> > The third is one that many people discount, claiming that IPSO is
> > just broken and shouldn't be a factor. I'm not here to judge IPSO,
> > but certain government organizations have a large IPSO deployed
> > base and they won't buy into IPsec at all if it leaves them SOL
> > with IPSO. Both the second and third on this list imply no
> > alternative but to protect IPv4 options if we are going to defend
> > against these attacks. If we aren't going to defend against these
> > attacks, then we can talk in terms of not authenticating options.
> 
> Might not the certain government organizations use encapsulation with
> an MD5 transform as a method of protecting the IPSO?

I believe that Hilarie has hit on the way to cut the Gordian knot. If
the originating system wants to protect options under IPv4, it
probably should encapsulate the whole packet and not just the
transport.

Perry
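
An added sketch, not part of the original message, of the distinction this exchange turns on: an integrity check that skips IPv4 options misses a changed security option, while a check computed over the whole encapsulated packet catches it. HMAC-MD5 stands in for the MD5 transform, and the key, packet bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"             # constructed sample key
IPSO = bytes([130, 4, 0xAB, 0x00])        # type 130 = security option; other bytes constructed

def build_ipv4(options: bytes, payload: bytes) -> bytes:
    """Minimal IPv4 packet (header checksum left at 0) carrying the given options."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         ihl * 4 + len(payload), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + options + payload

def icv_skipping_options(packet: bytes, key: bytes) -> bytes:
    """Digest over the fixed header (in-transit fields zeroed) and payload only."""
    ihl = (packet[0] & 0x0F) * 4
    fixed = bytearray(packet[:20])
    fixed[1] = 0                     # TOS
    fixed[6:8] = b"\x00\x00"         # flags and fragment offset
    fixed[8] = 0                     # TTL
    fixed[10:12] = b"\x00\x00"       # header checksum
    return hmac.new(key, bytes(fixed) + packet[ihl:], hashlib.md5).digest()

def icv_encapsulated(packet: bytes, key: bytes) -> bytes:
    """Digest over the whole original packet, carried as the payload of an outer one."""
    return hmac.new(key, packet, hashlib.md5).digest()

def detects_option_change(icv_fn) -> bool:
    """True if the receiver's check fails after one option byte changes in transit."""
    sent = build_ipv4(IPSO, b"constructed payload")
    icv = icv_fn(sent, KEY)
    received = bytearray(sent)
    received[22] ^= 0xFF             # third byte of the option, altered in transit
    return not hmac.compare_digest(icv, icv_fn(bytes(received), KEY))

if __name__ == "__main__":
    print("options skipped:", detects_option_change(icv_skipping_options))   # False
    print("encapsulated:   ", detects_option_change(icv_encapsulated))       # True
```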

