
Re: transport-friendly ESP



In message <v0401170bb2d7cf45438b@[128.33.238.173]>, Stephen Kent writes:
>Steve,
>
>As you and I discussed after the last IPsec WG meeting in Orlando, I am
>concerned by the possible adverse consequences of this approach to
>"cheating" with what purports to be an IP layer security protocol.  I'd
>rather offer ways of creating copies of pre-defined transport layer
>protocol information for access outside of the ESP protection boundary.  A
>moveable window of the sort you describe could be misconfigured and allow
>substantial amounts of data to be transmitted in plaintext form.  In
>contrast, if we provide a means of carrying a plaintext copy of selected
>transport layer info outside of the ESP payload, we can limit the damage
>that misconfiguration (benign or malicious) might inflict.
>
That was, in fact, my original idea.  A number of people objected, both on
grounds of ugliness but also because it supplied high-quality known plaintext
if the same information was both inside and outside.  It's still a reasonable
approach, and I'm certainly not committed to any particular design at
this point.

To deal with your concerns, my current thinking is that the boundary
be negotiated semantically, rather than as a byte count, and that the
receiver MUST tear down any SA on which authentic (per the integrity check)
packets are received with the wrong boundary.

Btw -- I've cc'd both ipsec and tf-esp on this note, though the ongoing
discussion should take place on the latter list.
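As an added illustration (not part of this thread or of any tf-esp draft), the following toy model shows the receiver rule sketched above: the plaintext boundary is an agreed semantic label rather than a byte count, an authenticated packet whose exposed prefix does not match that label tears the SA down, and a byte-count window is contrasted to show how misconfiguration leaks payload. The boundary labels, lengths and the SA/packet fields are assumptions of the model.

```python
"""Toy model of a semantically negotiated ESP plaintext boundary.
Labels, lengths and record layouts are assumptions for illustration only."""
from dataclasses import dataclass

# Each semantic boundary maps to the number of transport-header bytes it
# exposes; the mapping is an assumption, not any draft's definition.
BOUNDARY_LEN = {
    "none": lambda tcp_hdr_len: 0,                  # everything encrypted
    "ports": lambda tcp_hdr_len: 4,                 # source/destination ports
    "tcp_header": lambda tcp_hdr_len: tcp_hdr_len,  # whole header incl. options
}

@dataclass
class SA:
    spi: int
    boundary: str          # one of the BOUNDARY_LEN keys
    alive: bool = True
    reason: str = ""

@dataclass
class Packet:
    spi: int
    authentic: bool        # result of the ESP integrity check
    tcp_hdr_len: int       # 20..60 bytes, from the TCP data-offset field
    exposed_len: int       # bytes the sender left outside ESP protection

def receive(sa: SA, pkt: Packet) -> str:
    """Return 'drop', 'accept' or 'teardown' for one packet on this SA."""
    if not sa.alive or pkt.spi != sa.spi:
        return "drop"
    if not pkt.authentic:
        # Unauthenticated packets never change SA state; otherwise anyone
        # could tear the SA down without knowing the key.
        return "drop"
    expected = BOUNDARY_LEN[sa.boundary](pkt.tcp_hdr_len)
    if pkt.exposed_len != expected:
        sa.alive = False
        sa.reason = f"boundary mismatch: exposed {pkt.exposed_len}, expected {expected}"
        return "teardown"
    return "accept"

def bytes_leaked_by_byte_count(byte_count: int, tcp_hdr_len: int) -> int:
    """Contrast: a byte-count window larger than the header exposes payload."""
    return max(0, byte_count - tcp_hdr_len)
```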