Re: TOS copying considered harmful
Henry Spencer writes:
> On Tue, 19 Sep 2000, Olivier Kreet wrote:
> > The best thing would probably be to have one tunnel per class of
> > service, but it is not always possible to set up parallel tunnels on
> > today's IPSec implementations (e.g. linux Freeswan).
>
> Also, whether this is "best" depends on your priorities. Making the TOS
> field visible -- whether in one tunnel or parallel tunnels -- provides a
> hint to traffic analysts and a covert channel for Trojan horses, so the
> underlying assumption that this should be done is itself questionable.
You really can't have it both ways though. In
practice, I'm not sure what this will have
really bought you from a traffic analysis
standpoint: if I sniff packets in a tunnel,
it's probably not going to take a lot of
effort to notice that the packets popping
out every 10ms are probably RTP packets.
As to whether it should be done: if my choice
is to mark the traffic and get acceptable QoS
or not mark the traffic and get unacceptable
QoS, any perceived security gain isn't buying
you much if the base level communication is
compromised beyond usability. It's not hard
to imagine congested links and real time
requirements where QoS is the critical problem.
> I note, also, that TOS isn't in 2401's list of packet selectors, so there
> is no requirement in the current IPsec architecture that such parallel
> tunnels be supported.
Arguably, IPsec is on the wrong side. The
RSVP aggregation draft allows selectors based
on TOS. There really should be flow selector
police so that there are consistent flow selection
requirements throughout IETF protocols.
Mike
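As an added illustration of the tradeoff argued in this message (example code, not part of the thread and not taken from any IPsec implementation): it models three outer-header TOS marking policies a tunnel endpoint could apply, bounds how many bits per packet each one lets an inner host signal through the outer TOS, checks an SA's observed outer markings against the policy's allowed set, and shows that a steady 10 ms packet cadence is visible no matter what the outer TOS says. The policy names, the allowed DSCP set (EF, AF11, best effort), the thresholds and the packet stream are all constructed for this example.

```python
import math
from collections import Counter


def dscp_of(tos):
    """DSCP is the top 6 bits of the TOS byte (RFC 2474); ECN is the low 2."""
    return (tos >> 2) & 0x3F


# Three outer-header marking policies a tunnel endpoint might use.
def policy_copy(inner_tos):
    """RFC 2401-style copy of the inner TOS byte into the outer header."""
    return inner_tos


def policy_fixed(inner_tos):
    """One constant outer value: nothing about the inner packet is exposed."""
    return 0x00


# Assumed marking policy for this example: the only classes the tunnel emits.
ALLOWED_OUTER_DSCP = {46, 10, 0}   # EF, AF11, best effort


def policy_classes(inner_tos):
    """Collapse the inner marking onto a small fixed set of outer classes:
    real-time traffic still gets EF, but the channel is bounded to log2(3)
    bits per packet instead of a full byte."""
    d = dscp_of(inner_tos)
    if d == 46:
        return 46 << 2
    if 8 <= d <= 23:
        return 10 << 2
    return 0


def capacity_bits(policy, inner_tos_values=range(256)):
    """Upper bound on bits/packet an inner host can signal through the outer
    TOS under `policy`: log2 of the number of distinct reachable outer values."""
    return math.log2(len({policy(t) for t in inner_tos_values}))


def dscp_entropy(outer_tos_seq):
    """Shannon entropy (bits) of the outer DSCP values observed on one SA."""
    counts = Counter(dscp_of(t) for t in outer_tos_seq)
    n = len(outer_tos_seq)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def off_policy_markings(outer_tos_seq, allowed=ALLOWED_OUTER_DSCP):
    """Outer DSCP values seen on an SA that the marking policy never emits.
    A non-empty result means the tunnel is passing arbitrary inner TOS through."""
    return sorted({dscp_of(t) for t in outer_tos_seq} - allowed)


def looks_periodic(timestamps_s, max_cv=0.05):
    """True if inter-arrival times are nearly constant (e.g. RTP every 10 ms).
    This holds whatever the outer TOS policy is; threshold is an assumption."""
    gaps = [b - a for a, b in zip(timestamps_s, timestamps_s[1:])]
    if len(gaps) < 2:
        return False
    mean = sum(gaps) / len(gaps)
    var = sum((g - mean) ** 2 for g in gaps) / len(gaps)
    return mean > 0 and (math.sqrt(var) / mean) < max_cv


# Constructed inner packets: an inner host cycling through all 64 DSCP
# values, emitted at a steady 10 ms RTP-like cadence.
INNER_TOS = [(i % 64) << 2 for i in range(200)]
TIMESTAMPS = [i * 0.010 for i in range(200)]

if __name__ == "__main__":
    for name, pol in (("copy", policy_copy), ("fixed", policy_fixed),
                      ("classes", policy_classes)):
        outer = [pol(t) for t in INNER_TOS]
        print(f"{name:8s} capacity={capacity_bits(pol):.2f} b/pkt "
              f"entropy={dscp_entropy(outer):.2f} "
              f"off-policy={off_policy_markings(outer)}")
    print("periodic cadence visible:", looks_periodic(TIMESTAMPS))
```

The `classes` policy is the middle ground between the two positions in the thread: the tunnel keeps a usable QoS signal for real-time traffic while the per-packet leak drops from 8 bits to about 1.6, and a gateway can audit its own SAs with `off_policy_markings` to catch a peer that is copying the inner byte verbatim. `looks_periodic` shows why the remaining leak is small relative to what timing already gives away.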