[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Simplifying IKE
In your previous mail you wrote:
While I certainly agree that the attack described in the Ferguson/Schneier
paper on ESP was esoteric, I disagree on your conclusion that
no damage will be done. Let's assume that no attack is occurring. What if
the system administrator enters the section of the key used for decryption
incorrectly? Authentication will work correctly, but right now, there is
no verification mechanism in place to assure that the plaintext is not
garbage, and once you pass garbage up to the upper layers, the behaviour is
system specific and unknown -- it could range from catastrophic to no
damage at all.
=> I don't buy this argument: upper layers are reading to eat garbage
because garbage can occur on lower layer transmisson errors. They
usually use a checksum for that.
Regards
Francis.Dupont@enst-bretagne.fr
References: