
Re: ICMP Security Failures




> With IP-AH-ULP the router needs the key used to generate the AH. Otherwise
> the intervening router could only check that there is an AH present, but
> could not check if AH is correct. Sharing the key with the router on the
> other hand degrades security, because the router can forge the AH of the host.

  This is true. I don't see a general solution to this using the MD5
transforms. Digital signature checking scares me.

> With IP-AH-AH-ULP the sending host could generate one AH with the key shared with
> the router and the other AH with a key shared with the other host.

  This works fine with one security gateway. Road warrior to home base, say.
  A typical case might involve two gateways: one at each end. I prove to my
gateway that I'm authorized to use the internet, I then prove to your gateway
that I'm authorized to pass through it, and then finally prove to your host
that I am who I say I am.
  This is independent of whether or not our gateways happen to implement a
tunnel to provide privacy as well.

  But, it gets worse. Let's say I want to reserve bandwidth (I don't know much
about these efforts, btw) for a video conference. How many routers will have
to authenticate my packets before giving them preference? And will 
authenticating these packets take so long as to make the bandwidth reservation
pointless?
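
The IP-AH-AH-ULP layering discussed in this message, as an added example that is not part of either poster's text or of any AH implementation. Assumptions: HMAC-MD5 stands in for the keyed-MD5 AH transform, a packet is a plain `(tags, payload)` tuple rather than the AH wire format, and all keys and names are constructed for illustration.

```python
import hashlib
import hmac

def mac(key: bytes, data: bytes) -> bytes:
    # Stand-in for the keyed-MD5 AH transform (assumption: HMAC-MD5).
    return hmac.new(key, data, hashlib.md5).digest()

def build(keys, payload):
    """One AH per verifier. keys[0] belongs to the first gateway on the
    path, keys[-1] to the destination host. Each AH covers every AH
    inside it plus the upper-layer payload."""
    tags, covered = [], payload
    for key in reversed(keys):
        tag = mac(key, covered)
        tags.insert(0, tag)
        covered = tag + covered
    return tags, payload

def verify(key, depth, packet):
    """Check the AH at position `depth` using only that verifier's key."""
    tags, payload = packet
    covered = b"".join(tags[depth + 1:]) + payload
    return hmac.compare_digest(tags[depth], mac(key, covered))

def forge_as_gateway(k_gw, payload, layers):
    """What a gateway holding only its own key can produce: a valid
    outermost AH over inner AHs it cannot compute (zero-filled here)."""
    inner = [bytes(16)] * (layers - 1)
    return [mac(k_gw, b"".join(inner) + payload)] + inner, payload

if __name__ == "__main__":
    k_gw, k_host = b"gateway-key-demo", b"end-host-key-demo"  # constructed
    data = b"upper-layer payload"

    # IP-AH-ULP with the host key shared with the router: the router can
    # produce a packet the destination accepts.
    forged = forge_as_gateway(k_host, data, layers=1)
    print("shared key, forged packet accepted by host:", verify(k_host, 0, forged))

    # IP-AH-AH-ULP: the router checks its own AH but cannot forge the inner one.
    pkt = build([k_gw, k_host], data)
    print("gateway accepts:", verify(k_gw, 0, pkt), "host accepts:", verify(k_host, 1, pkt))
    forged = forge_as_gateway(k_gw, data, layers=2)
    print("forged packet accepted by host:", verify(k_host, 1, forged))

    # Two gateways plus the host: three keys and three MACs per packet.
    print("AH count with two gateways:", len(build([b"gw-a", b"gw-b", k_host], data)[0]))
```

Each additional verifier on the path adds one more key shared with the sender and one more MAC computed per packet.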





