
Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard



On Mar 30, 11:15pm, Steven M. Bellovin wrote:
> Subject: Re: Last Call: Security Architecture for the Internet Protocol to
> 	 My understanding is that the TCP Over Satellite WG is considering the use
> 	 of spoofing (at least as a research topic).  I presume this means that
> 	 IPSec and spoofing to improve performance on a long latency satellite
> 	 network are incompatible.   Is there any way to maintain security and
> 	 still do TCP spoofing for satellites (i.e., could you elaborate on the
> 	 evil)?
> 
> You're right -- IPsec will not permit window-size spoofing.  To understand
> why, imagine that an enemy were to play games with window sizes --
> probably sending small ones, but just large enough to avoid tickling the
> silly window syndrome code; slamming the window shut (remember that
> closed windows are probed very infrequently); opening it wide and then
> slamming it shut (against the spec, but is your stack robust enough
> to cope?), etc.
> 
> It's an interesting question how to have both good security and how
> to play such TCP games.  There are other issues between IPsec and
> ECN; I spoke at that BoF today.

By the way, it should be noted that the only rationale, if any, for
TCP spoofing in the satellite relays is the inadequacy of the end-to-end
TCP implementation.  The specificities of satellites and their interaction
with transport protocols have been known for more than 15 years, and the
cure is also very well known: use large windows, use selective 
acknowledgments.  The only slightly researchy subject is the possible
use of pacing mechanisms to avoid the swings caused by large windows.
TCP supports both large windows and selective acknowledgments.  A user
that opts for end-to-end encryption will still get good performance
over satellite links if they also select proper TCP implementations.

-- 
Christian Huitema
----------
See you at INET'98, Geneva, 21-24 July 98 http://www.isoc.org/inet98/
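The two technical points in this exchange are easier to see with numbers: Huitema's claim that large windows (RFC 1323 window scaling) rather than in-path spoofing are the cure for satellite latency, and Bellovin's description of a peer that opens its window wide and then slams it shut, which moves the advertised right edge backwards (something RFC 1122 says a receiver SHOULD NOT do). The Python below is an added example, not code from either poster; the link rate, RTT and the segment trace in it are constructed sample values.

```python
"""Worked example added to this archived thread; it is not code from either
poster.  It puts numbers behind two points made above:

  1. Huitema: a long-latency satellite path is fixed by large windows
     (RFC 1323 window scaling) rather than by in-path TCP spoofing, which
     IPsec rules out anyway because a relay cannot rewrite a TCP header
     that IPsec encrypts (ESP) or authenticates (AH).
  2. Bellovin: a peer that "slams the window shut" after opening it wide
     moves the right edge of its advertised window backwards, which
     RFC 1122 (section 4.2.2.16) says a receiver SHOULD NOT do; a trace
     checker can flag that behaviour.

Link parameters and the segment trace are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_UNSCALED_WINDOW = 65535   # the TCP header's 16-bit window field
MAX_WINDOW_SCALE = 14         # RFC 1323 limits the shift count to 14


def bandwidth_delay_product(bandwidth_bps: int, rtt_ms: int) -> int:
    """Bytes that must be in flight to keep a link of this rate and RTT busy."""
    return bandwidth_bps * rtt_ms // 8000


def window_limited_throughput(window_bytes: int, rtt_ms: int, bandwidth_bps: int) -> float:
    """Best-case bit/s for one connection: one window per round trip,
    capped by the link rate."""
    return min(window_bytes * 8000 / rtt_ms, bandwidth_bps)


def required_window_scale(window_bytes: int) -> int:
    """Smallest RFC 1323 shift count whose scaled 16-bit field can advertise
    window_bytes.  Raises ValueError if even the maximum shift is too small."""
    for shift in range(MAX_WINDOW_SCALE + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= window_bytes:
            return shift
    raise ValueError("window too large for RFC 1323 scaling")


@dataclass(frozen=True)
class AckSegment:
    """The two receiver-to-sender header fields that define the send window."""
    ack: int      # acknowledgment number
    window: int   # raw 16-bit window field, before scaling


def find_window_retreats(segments: List[AckSegment], wscale: int) -> List[Tuple[int, int, int]]:
    """Flag every segment whose right window edge (ack + scaled window) lies
    left of the furthest right edge advertised so far.  Returns
    (segment index, previous right edge, new right edge) triples."""
    retreats: List[Tuple[int, int, int]] = []
    right_edge: Optional[int] = None
    for i, seg in enumerate(segments):
        edge = seg.ack + (seg.window << wscale)
        if right_edge is not None and edge < right_edge:
            retreats.append((i, right_edge, edge))
        right_edge = edge if right_edge is None else max(right_edge, edge)
    return retreats


# Constructed trace (wscale 0): the receiver opens the window wide in
# segment 2 and slams it shut in segment 3, the game Bellovin describes.
SAMPLE_TRACE = [
    AckSegment(ack=1000, window=8192),
    AckSegment(ack=2000, window=8192),
    AckSegment(ack=3000, window=65535),
    AckSegment(ack=3000, window=0),
    AckSegment(ack=4000, window=65535),
]

if __name__ == "__main__":
    # Sample geostationary hop: about 550 ms RTT, 10 Mbit/s (constructed values).
    rate, rtt = 10_000_000, 550
    bdp = bandwidth_delay_product(rate, rtt)
    print(f"bandwidth-delay product: {bdp} bytes")
    print(f"throughput with a 64 KiB window: "
          f"{window_limited_throughput(MAX_UNSCALED_WINDOW, rtt, rate) / 1e6:.2f} Mbit/s")
    print(f"window scale needed to fill the link: {required_window_scale(bdp)}")
    print(f"window retreats in sample trace: {find_window_retreats(SAMPLE_TRACE, 0)}")
```

With the sample link, an unscaled 64 KiB window caps a single connection below 1 Mbit/s on a 10 Mbit/s path, and a shift count of 4 is enough to advertise the roughly 687 KB the path needs; the trace checker reports only the segment that retreats the right edge, not the later one that re-opens the window past it.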