Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Paul Koning writes:
> I would support the concern that Greg raised.
> 
> There is an increased use of finer-grained traffic classification, in
> which port numbers play a role.
> 
> It is true that, for maximum security, this information may want to be 
> hidden.  Greg recognized that in his suggestion that the port number
> copy in the security header could be supplied as all zero.

1) Our packets are already too long, thanks to IPSec. Another four
   bytes is going to be killer on slow links.
2) In general, it isn't a good idea to give people overly many
   security knobs to tweak. Most of the time you want to defeat
   traffic analysis anyway, and given that you are going to want to
   recommend that people run without revealing their ports, "What is
   the point?"

> By creating an *option* of supplying port information to the
> classifier, it allows a user to give up a small amount of security and 
> gain the benefit of being classified into a different traffic category 
> that has different (presumably better) service.

It's actually a fairly high amount of security. Were I attacking
someone's traffic, gaining information on which TCP connection is
which is invaluable. I might be able to extract that from timing
information already, but this way I'm *certain* to be able to extract
it, and have lots of nice known plaintext with it. Even if I can't
break the traffic, the traffic analysis information alone might be
sufficient to gain lots of interesting information, and I don't think
the benefit is actually that important in context.

Perry

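The following is an added example, not part of Perry's message or of any IPsec draft under discussion. It models the traffic-analysis point made above: a passive observer who sees a cleartext copy of the TCP ports in the security header can partition the encrypted stream into individual connections with certainty, and also knows four bytes of the plaintext at a fixed offset. The packet trace and the 4-byte "port copy" field layout are constructed for illustration and do not follow any published header format.

```python
"""Added example: what a cleartext port copy in an IPsec header gives a
passive observer.  Trace and field layout are constructed, not from a spec."""
from collections import defaultdict
from dataclasses import dataclass
import struct


@dataclass(frozen=True)
class ObservedPacket:
    """One encrypted packet as an on-path observer sees it."""
    t: float           # capture time in seconds
    src: str           # outer (cleartext) source IP
    dst: str           # outer (cleartext) destination IP
    port_copy: bytes   # hypothetical 4-byte cleartext copy of TCP src/dst port,
                       # b"\x00" * 4 when the sender suppresses it
    enc_len: int       # length of the encrypted payload in bytes


def make_trace(reveal_ports):
    """Constructed sample: two TCP connections between the same host pair,
    an interactive session (dst port 23) and a bulk transfer (dst port 20)."""
    spec = [
        # (time, src, dst, src_port, dst_port, enc_len)
        (0.00, "10.0.0.1", "10.0.0.2", 1025, 23, 48),
        (0.01, "10.0.0.2", "10.0.0.1", 23, 1025, 48),
        (0.02, "10.0.0.1", "10.0.0.2", 1026, 20, 1400),
        (0.03, "10.0.0.1", "10.0.0.2", 1026, 20, 1400),
        (0.05, "10.0.0.1", "10.0.0.2", 1025, 23, 48),
        (0.06, "10.0.0.1", "10.0.0.2", 1026, 20, 1400),
    ]
    pkts = []
    for t, s, d, sp, dp, n in spec:
        copy = struct.pack("!HH", sp, dp) if reveal_ports else b"\x00" * 4
        pkts.append(ObservedPacket(t, s, d, copy, n))
    return pkts


def connection_id(pkt):
    """Everything the observer can key on: the host pair plus whatever the
    port copy reveals.  Endpoints are sorted so both directions of one
    connection collapse into the same key."""
    sp, dp = struct.unpack("!HH", pkt.port_copy)
    return tuple(sorted([(pkt.src, sp), (pkt.dst, dp)]))


def profile(pkts):
    """Per-connection (packet count, encrypted byte total).  With ports
    revealed each TCP connection is its own bucket; with ports zeroed all
    traffic between the two hosts merges into one bucket and only timing
    and size patterns remain for the observer to work with."""
    out = defaultdict(lambda: [0, 0])
    for p in pkts:
        c = out[connection_id(p)]
        c[0] += 1
        c[1] += p.enc_len
    return {k: tuple(v) for k, v in out.items()}


def known_plaintext(pkt, tunnel_mode=False):
    """The cleartext copy duplicates the first four bytes of the TCP header
    that sits inside the encrypted payload: offset 0 in transport mode, or
    offset 20 in tunnel mode (after an option-less inner IPv4 header).
    Returns (offset, bytes), or None when the copy is zeroed."""
    if pkt.port_copy == b"\x00" * 4:
        return None
    return (20 if tunnel_mode else 0, pkt.port_copy)


if __name__ == "__main__":
    for label, reveal in (("ports revealed", True), ("ports zeroed", False)):
        print(label)
        for key, (count, total) in profile(make_trace(reveal)).items():
            print("  ", key, "packets:", count, "bytes:", total)
```

Running it shows two cleanly separated connections when the ports are copied, and a single undifferentiated host-pair bucket when they are zeroed; `known_plaintext` makes the second half of the objection concrete, since the same four bytes appear both in the clear and inside the ciphertext at a predictable offset.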