Re: TOS copying considered harmful
>> First, copying TOS is a security leak: it permits an eavesdropper to
>Not more so than keeping the same packet size (rounded up to a multiple
>of 8). To the extent that someone wants to rely on the TOS field, they
>should be able to do so. Anyone running a tunnel paranoid enough to
>be worried about potential TA based on the TOS field will also know enough
>to pad packets and blot out the TOS field.
>
>I say leave it alone.
i think it makes more sense for tunnel ingress node to construct
the TOS field value. also, we should look at
draft-ietf-ipsec-ecn-02.txt (what is the status of this one?
it looks expired)
are there any implementations which check, on IPsec tunneled
packet egress processing, if inner TOS value == outer TOS value? I bet
there's none, and it is impossible as outer TOS may be overwritten
by diffserv/ECN-capable intermediate devices.
so even if (1) we change the spec or (2) no spec change, but
some implementation did non-conformant outer TOS initialization on
ingress, no one will notice.
itojun
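
The following is an added example, not part of the original message and not code from any IPsec implementation. It models the ingress policies discussed above and shows why a strict inner == outer TOS comparison at egress cannot tell a non-conformant ingress from a diffserv/ECN rewrite on the path; all function and enum names are hypothetical and the sample TOS values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical; this is not taken from any IPsec stack. */
enum outer_tos_policy { TOS_COPY_INNER, TOS_COPY_DSCP_ONLY, TOS_FIXED };

#define ECN_MASK  0x03u /* low two bits of the TOS octet */
#define DSCP_MASK 0xFCu /* high six bits of the TOS octet */
#define ECN_CE    0x03u /* "congestion experienced" codepoint */

/* Tunnel ingress: build the outer header's TOS octet. */
uint8_t ingress_outer_tos(enum outer_tos_policy p, uint8_t inner, uint8_t fixed)
{
    switch (p) {
    case TOS_COPY_INNER:     return inner;
    case TOS_COPY_DSCP_ONLY: return (uint8_t)(inner & DSCP_MASK);
    default:                 return fixed; /* TOS_FIXED */
    }
}

/* Intermediate device: may re-mark DSCP and/or set CE on the outer header. */
uint8_t path_rewrite(uint8_t outer, bool remark, uint8_t new_dscp, bool congested)
{
    if (remark)
        outer = (uint8_t)(((new_dscp & 0x3Fu) << 2) | (outer & ECN_MASK));
    if (congested && (outer & ECN_MASK) != 0) /* CE only on ECN-capable packets */
        outer = (uint8_t)(outer | ECN_CE);
    return outer;
}

/* Outer TOS as the egress node sees it: ingress policy, then path rewriting. */
uint8_t outer_at_egress(enum outer_tos_policy p, uint8_t inner, uint8_t fixed,
                        bool remark, uint8_t new_dscp, bool congested)
{
    return path_rewrite(ingress_outer_tos(p, inner, fixed), remark, new_dscp, congested);
}

/* The strict egress comparison asked about in the message. */
bool egress_strict_check(uint8_t inner, uint8_t seen) { return inner == seen; }

int main(void)
{
    uint8_t in = 0xBA; /* constructed sample: DSCP 46 with ECT(0) */
    printf("copy, clean path: %d\n", egress_strict_check(in, outer_at_egress(TOS_COPY_INNER, in, 0, false, 0, false)));
    printf("copy, CE marked:  %d\n", egress_strict_check(in, outer_at_egress(TOS_COPY_INNER, in, 0, false, 0, true)));
    printf("fixed 0 ingress:  %d\n", egress_strict_check(in, outer_at_egress(TOS_FIXED, in, 0, false, 0, false)));
    return 0;
}
```

A conformant copying ingress fails the strict check as soon as the path sets CE or re-marks the DSCP, and a copying ingress whose packet is re-marked to DSCP 0 arrives with the same outer octet as one built by a fixed-zero ingress.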