[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TOS copying considered harmful

To: ji@research.att.com
Subject: Re: TOS copying considered harmful
From: Henry Spencer <henry@spsystems.net>
Date: Thu, 14 Sep 2000 00:15:24 -0400 (EDT)
cc: ipsec@lists.tislabs.com
In-Reply-To: <200009140312.XAA15589@bual.research.att.com>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 13 Sep 2000 ji@research.att.com wrote:
> > First, copying TOS is a security leak...
> 
> Not more so than keeping the same packet size (rounded up to a multiple
> of 8)...  ANyone running a tunnel paranoid enough to
> be worried about potential TA based on the TOS field will also know enough
> to pad packets and blot out the TOS field.

There is provision in ESP for adding extra padding to disguise packet
size, should an implementation wish to do so.  There is no equivalent
authorization to obscure the TOS -- any such "blotting out" is currently a
violation of the IPsec specifications, and it is conceivable that odd
implementations could somehow rely on it not being done.  I can understand
not making it mandatory (although IPsec already has too many optional
behaviors), but it should at least be permitted.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

Re: TOS copying considered harmful

From: ji@research.att.com

Prev by Date: Re: TOS copying considered harmful
Next by Date: RE: TOS copying considered harmful
Prev by thread: Re: TOS copying considered harmful
Next by thread: Re: TOS copying considered harmful
Index(es):
- Main
- Thread