[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (in)security of ESP with header compression
David,
The ESP processing order at the receiver is authenticate then
decrypt, IF there are separate authentication and encryption
algorithms employed, i.e., the common case today. The structure of
the payload requires this, since the integrity check is applied to
the ciphertext, not the plaintext, by the sender.
That says that the transmitter processing order is:
- map to SA (the outbound access control check)
- compress if appropriate
- encrypt
- integrity check
At the receiver the processing is defined as:
- map to SA using SPI ( a demuxing operation, not a security check)
- validate sequence number
- integrity check
- decrypt
- decompress if appropriate
- check against selectors (the inbound access control check)
Sorry for any confusion re my previous response in not spelling out
all the steps and why they are performed in the order indicated.
Given this ordering of processing steps, it would seem that the main
issue for a stateful compression algorithm like ROHC is to be smart
about reacting to out of order arrival, a fact of life if it is to be
used in the IPsec context.
Steve