
Re: [Karen Seo: Thomas Narten -- clarification, etc.]



... Michael Richardson said ...
>>>>>> "Thomas" == Thomas Narten <narten@raleigh.ibm.com> writes:
>    Thomas> If the sender "recognizes" the option, but the receiver
>    Thomas> does not, presumably there is no issue. The receiver will
>    Thomas> not know what to do with the header and toss the
>    Thomas> packet. It doesn't really make sense for a receiver to
>
>  Maybe. Or, maybe some headers are designed to be passed to some (unknown to
>IPsec) upper layer.

Any header that IPsec cannot quantify as being immutable, it will not be
able to authenticate... That is a security risk (severe) if the upper layer
thinks it has protection. This is the same as the aforementioned case of
a low-level header that goes through security gateways unprotected... 

>  Second, you have to do AH checking first. If not, then the bad guy
>just changes headers to bad values, and the receiver discards them. If
>the header was covered by AH, then it should really cause an
>authentication fail, (which should mean to some user that something
>bad is happening) rather than an "invalid option" header.

This assumes a particularly strange threat model... A "bad guy" who can
change headers to bad values can just change the AH header to a bad value.
Suddenly there is no authentication... I'm not at all clear on what you
could hope to gain by authenticating a message that you know is bad.
	-gordo