
Re: (in)security of ESP with header compression



On Wed, 16 Apr 2003, David Mcgrew wrote:
> >...[IPComp] the key is that there is no inter-packet state...
> 
> That makes sense.   For the record, the IPCOMP definition concerns 
> inter-packet state, it says that "each IP datagram is compressed and 
> decompressed by itself without any relation to other datagrams".

And in fact, a careful reading of the specification tells you that this is
a bit mis-stated:  compression implementations are not just permitted but
encouraged to keep inter-packet state, e.g. to decide whether it is worth
trying to compress the next packet.  It's *decompression*, and only
decompression, which must not keep inter-packet state.  (And that is both
necessary and sufficient to make IPComp robust against loss or reordering
of packets.)

                                                          Henry Spencer
                                                       henry@spsystems.net
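
The distinction drawn in the message above, shown as an added example that is not part of the original thread: the sender keeps a back-off counter across packets, while decompression is a pure function of a single packet and so survives loss and reordering. The one-byte flag framing, the back-off policy and the sample traffic are assumptions made for illustration (not the IPComp header format), and the shared-history stream is included only as a contrast.

```python
import zlib

RAW = -15  # raw DEFLATE; the one-byte flag framing below is a toy, not the IPComp header

class Sender:
    """Compressor side: may keep inter-packet state (here, a back-off counter)."""
    def __init__(self, backoff=2):        # back-off length is an assumed policy
        self.backoff, self.skip = backoff, 0

    def pack(self, payload):
        if self.skip:                     # earlier packets said "not worth trying"
            self.skip -= 1
            return b"\x00" + payload
        c = zlib.compressobj(9, zlib.DEFLATED, RAW)   # fresh context per packet
        body = c.compress(payload) + c.flush()
        if len(body) >= len(payload):     # no gain: send as-is, skip the next few
            self.skip = self.backoff
            return b"\x00" + payload
        return b"\x01" + body

def unpack(packet):
    """Decompressor side: a pure function of one packet, no state between calls."""
    if packet[:1] == b"\x01":
        return zlib.decompress(packet[1:], RAW)
    return packet[1:]

def shared_history_stream(payloads):
    """Counter-example: one DEFLATE context carried across all packets."""
    c = zlib.compressobj(9, zlib.DEFLATED, RAW)
    return [c.compress(p) + c.flush(zlib.Z_SYNC_FLUSH) for p in payloads]

def shared_history_ok(packets, originals, drop=None):
    """Decode in order with one decompressor, as if packet `drop` was lost."""
    d = zlib.decompressobj(RAW)
    try:
        return all(d.decompress(p) == o
                   for i, (p, o) in enumerate(zip(packets, originals)) if i != drop)
    except zlib.error:
        return False

# Constructed sample traffic: repetitive requests plus one payload with no repeats.
REQ = b"GET /%d HTTP/1.0\r\nHost: example.test\r\n\r\n"
PAYLOADS = [(REQ % 0) * 4, bytes(range(7, 47)), (REQ % 2) * 4, (REQ % 3) * 4, (REQ % 4) * 4]

if __name__ == "__main__":
    s = Sender()
    pkts = [s.pack(p) for p in PAYLOADS]
    print("flags:", [p[0] for p in pkts])
    print("stateless, reordered with loss:", all(unpack(pkts[i]) == PAYLOADS[i] for i in (4, 0, 2)))
    print("shared history, packet 0 lost:", shared_history_ok(shared_history_stream(PAYLOADS), PAYLOADS, drop=0))
```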