
RE: data origin authentication



At 12:01 07.05.2002 -0700, you wrote:
>Hello, Joern
>If you are a bad guy and you own an in-bound SA, you can produce a faked ESP
>packet that looks like it came from the other party of your in-bound SA.
>Then you can claim that you got this packet from the other party. So the
>data origin authentication of ESP (two parties know the same authentication
>key) doesn't deliver non-repudiation of data origin. But a receiver can be
>sure that the sender of an incoming ESP packet is only the other party of
>the related in-bound SA or the receiver itself. For this check, I guess, the
>receiver needs only <dst IP address, protocol (ESP), SPI> to find the
>related SA and the related authentication key. The receiver verifies the
>authentication value, and this verification delivers the answer whether the
>sender has the identity the sender claimed. The check against the IP address
>of the sender saves time (if you do it before) and is a MUST, but for the
>data authentication it is not really necessary. But I'm also a newcomer in
>IPsec and maybe I'm wrong.
>Christina

I question the "for the data authentication not really necessary" part.

An example. Let's have a syslog client and server. syslog is _unidirectional_
UDP traffic. The connection between the client and the server is IPsec
transport mode.
Now, the IP address of the client (src) shows up in the logs of the server,
and it is valuable information.
If a man-in-the-middle were just to alter the src address of the packets, the
information in the server would be wrong. The point of authentication in ESP
is that the information was not altered in transit! Since the authentication
trailer in ESP does not cover the IP source address, the receiver has to check
(memcmp) the source address against the expected one. That's part of
authentication. Not some optimization to save time.

Jörn
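The receive-side logic the two messages above argue about, as an added example that is not code from either poster or from any IPsec implementation. It assumes a toy in-bound SA table keyed by (destination address, SPI) with protocol fixed to ESP, HMAC-SHA1-96 as the authentication algorithm, and addresses carried as plain strings; the packets and key are constructed inline. The ICV is computed over the SPI, sequence number and payload only, so a rewritten outer source address still verifies and is caught only by the explicit comparison against the SA's peer; the same shared key lets the receiver itself forge a packet that passes every check, which is Christina's non-repudiation point.

```python
import hmac
import hashlib
import struct
from dataclasses import dataclass

ICV_LEN = 12  # HMAC-SHA1-96 truncates the MAC to 96 bits


@dataclass
class InboundSA:
    spi: int
    peer_src: str     # source address the SA was negotiated with (hypothetical field)
    auth_key: bytes   # authentication key shared by both parties


# Hypothetical in-bound SA table: (dst address, SPI) -> SA. Protocol is always ESP here.
SA_TABLE = {}


def add_sa(dst, sa):
    SA_TABLE[(dst, sa.spi)] = sa


def esp_icv(key, spi, seq, payload):
    # The ICV covers SPI, sequence number and the (encrypted) payload plus trailer.
    # The outer IP header, and so the source address, is not part of the input.
    mac = hmac.new(key, struct.pack("!II", spi, seq) + payload, hashlib.sha1).digest()
    return mac[:ICV_LEN]


def build_esp(key, spi, seq, payload):
    return struct.pack("!II", spi, seq) + payload + esp_icv(key, spi, seq, payload)


def receive_esp(src, dst, esp):
    """Process one ESP packet seen arriving from src to dst. Returns (accepted, reason)."""
    if len(esp) < 8 + ICV_LEN:
        return False, "too short"
    spi, seq = struct.unpack("!II", esp[:8])
    payload, icv = esp[8:-ICV_LEN], esp[-ICV_LEN:]
    sa = SA_TABLE.get((dst, spi))          # lookup by <dst, ESP, SPI> only
    if sa is None:
        return False, "no SA"
    if not hmac.compare_digest(icv, esp_icv(sa.auth_key, spi, seq, payload)):
        return False, "bad ICV"
    # The ICV said nothing about the outer source address, so compare it explicitly
    # against the peer recorded in the SA; this is the memcmp from the message above.
    if src != sa.peer_src:
        return False, "source address mismatch"
    return True, "ok"


def demo():
    """Constructed scenario: syslog client 10.0.0.5 -> server 10.0.0.1 over ESP."""
    SA_TABLE.clear()
    key = b"constructed-shared-auth-key"
    add_sa("10.0.0.1", InboundSA(spi=0x1001, peer_src="10.0.0.5", auth_key=key))

    esp = build_esp(key, 0x1001, 1, b"<13>syslog: user login ok\x00\x00\x02\x11")
    results = {}
    # Unmodified packet from the real client.
    results["legit"] = receive_esp("10.0.0.5", "10.0.0.1", esp)
    # Man-in-the-middle rewrites only the outer source address: ICV still verifies.
    results["spoofed_src"] = receive_esp("10.0.0.99", "10.0.0.1", esp)
    # Man-in-the-middle flips a payload byte: caught by the ICV.
    tampered = bytearray(esp)
    tampered[12] ^= 0x01
    results["tampered"] = receive_esp("10.0.0.5", "10.0.0.1", bytes(tampered))
    # Receiver (who also holds the key) forges a packet "from" the client: indistinguishable.
    forged = build_esp(key, 0x1001, 2, b"<13>syslog: forged by receiver\x00\x02\x11")
    results["forged_by_receiver"] = receive_esp("10.0.0.5", "10.0.0.1", forged)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20s} -> {outcome}")
```

The source-address comparison sits after the ICV check purely for illustration; in a real receiver the order only affects how early a spoofed packet is dropped, not whether it is dropped, which is why the comparison is part of the authentication decision rather than an optimization.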