[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE

To: Steve.Robinson@psti.com
Subject: Re: Simplifying IKE
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Thu, 09 Aug 2001 17:49:41 +0200
cc: andrew.krywaniuk@alcatel.com, "'Dan McDonald'" <danmcd@East.Sun.COM>, ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com, "'Sandy Harris'" <sandy@storm.ca>
In-reply-to: Your message of Thu, 09 Aug 2001 10:10:14 EDT. <OF9C738F7C.6465F668-ON80256AA3.004CAA27@psti.com>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   While I certainly agree that the attack described in the Ferguson/Schneier
   paper on ESP was esoteric, I disagree on your conclusion that
   no damage will be done.  Let's assume that no attack is occurring.  What if
   the system administrator enters the section of the key used for decryption
   incorrectly?  Authentication will work correctly, but right now, there is
   no verification mechanism in place to assure that the plaintext is not
   garbage, and once you pass garbage up to the upper layers, the behaviour is
   system specific and unknown -- it could range from catastrophic to no
   damage at all.

=> I don't buy this argument: upper layers are reading to eat garbage
because garbage can occur on lower layer transmisson errors. They
usually use a checksum for that.

Regards

Francis.Dupont@enst-bretagne.fr

References:

RE: Simplifying IKE

From: Steve.Robinson@psti.com

Prev by Date: Re: Simplifying IKE
Next by Date: Re: Simplifying IKE
Prev by thread: RE: Simplifying IKE
Next by thread: RE: Simplifying IKE
Index(es):
- Main
- Thread