[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Field Variance Analysis



In message <199508151336.JAA04440@panix4.panix.com>, "Perry E. Metzger" writes:
>Hilarie Orman writes:
>> >	The third is one that many people discount, claiming that IPSO is
>> > just broken and shouldn't be a factor. I'm not here to judge IPSO,
>> > but certain government organizations have a large IPSO deployed
>> > base and they won't buy into IPsec at all if it leaves them SOL
>> > with IPSO. Both the second and third on this list implies no
>> > alternative but to protect IPv4 options if we are going to defend
>> > against these attacks. If we aren't going to defend against these
>> > attacks, then we can talk in terms of not authenticating options.
>> 
>> Might not the certain government organizations use encapsulation with
>> a MD5 transform as a method of protecting the IPSO?
>
>I believe that Hilarie has hit on the way to cut the gordian knot. If
>the originating system wants to protect options under IPv4, it
>probably should encapsulate the whole packet and not just the
>transport.

	Consider the goal of protecting source routes. If you do things
this way, you would build a packet of (my notation may be wierd to some):

	IPv4 AH IPv4 LSRR ULP

	You have two options. You either don't do the LSRR, in which case
having it there in the first place is a waste, or you only get intermediate
authenticity guarantees because each hop has to decapsulate it and re-
encapsulate it, doing the appropriate AH processing on each operation. Keep
in mind my second example in part 1. You can't get end-to-end LSRR security
and have the LSRR do something useful using a tunnel, IMO.

									-Craig