
Re: TOS copying considered harmful




>> First, copying TOS is a security leak:  it permits an eavesdropper to
>Not more so than keeping the same packet size (rounded up to a multiple
>of 8).  To the extent that someone wants to rely on the TOS field, they
>should be able to do so.  Anyone running a tunnel paranoid enough to
>be worried about potential TA based on the TOS field will also know enough
>to pad packets and blot out the TOS field.
>
>I say leave it alone.

	i think it makes more sense for tunnel ingress node to construct
	the TOS field value.  also, we should look at
	draft-ietf-ipsec-ecn-02.txt (what is the status of this one?
	it looks expired)

	are there any implementations which check, on IPsec tunneled
	packet egress processing, if inner TOS value == outer TOS value?  I bet
	there's none, and it is impossible as outer TOS may be overwritten
	by diffserv/ECN-capable intermediate devices.
	so even if (1) we change the spec or (2) no spec change, but
	some implementation did non-conformant outer TOS initialization on
	ingress, no one will notice.

itojun
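
Added example (not part of the original message and not code from any IPsec implementation): a small simulation of the egress check discussed above, showing that comparing inner and outer TOS fails once an intermediate device rewrites the outer header, and that a copied-then-remarked outer header is byte-identical to one the ingress constructed itself. Addresses, TOS values and all function names are constructed for illustration; the "ESP payload" is the cleartext inner packet as a stand-in, and header checksums are left at zero.

```python
import struct

def ipv4_header(tos, payload_len, proto, src, dst):
    """Minimal 20-byte IPv4 header; checksum left as 0 (not needed for this demo)."""
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, tos, 20 + payload_len,
                       0, 0, 64, proto, 0, bytes(src), bytes(dst))

def tos_of(packet):
    return packet[1]  # TOS / DS+ECN octet is the second byte of the header

def tunnel_ingress(inner, outer_tos=None):
    """Encapsulate; copy inner TOS unless the ingress constructs its own value."""
    tos = tos_of(inner) if outer_tos is None else outer_tos
    # Protocol 50 = ESP. Tunnel endpoints are constructed documentation addresses.
    return ipv4_header(tos, len(inner), 50, (192, 0, 2, 1), (192, 0, 2, 2)) + inner

def mark_ce(outer):
    """ECN-capable router signals congestion: low two TOS bits become 11."""
    return outer[:1] + bytes([outer[1] | 0x03]) + outer[2:]

def remark_dscp(outer, dscp):
    """Diffserv router rewrites the upper six bits, keeps the ECN bits."""
    return outer[:1] + bytes([(dscp << 2) | (outer[1] & 0x03)]) + outer[2:]

def egress_tos_matches(outer):
    """The hypothetical egress check: inner TOS == outer TOS."""
    return tos_of(outer) == tos_of(outer[20:])

def demo():
    # Constructed inner packet: DSCP EF (0xb8) with ECT set (0x02) -> TOS 0xba.
    inner = ipv4_header(0xBA, 0, 17, (10, 0, 0, 1), (10, 0, 0, 2))
    copied = tunnel_ingress(inner)
    return {
        "copied, untouched path": egress_tos_matches(copied),
        "copied, CE marked en route": egress_tos_matches(mark_ce(copied)),
        "copied, DSCP remarked to 0": egress_tos_matches(remark_dscp(copied, 0)),
        # A conformant ingress plus a remarking router yields exactly the same
        # bytes as an ingress that chose outer TOS 0x02 itself.
        "remarked == constructed": remark_dscp(copied, 0)
                                   == tunnel_ingress(inner, outer_tos=0x02),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```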

