[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (in)security of ESP with header compression

To: Henry Spencer <henry@spsystems.net>
Subject: Re: (in)security of ESP with header compression
From: Michael Thomas <mat@cisco.com>
Date: Wed, 16 Apr 2003 15:51:39 -0700 (PDT)
Cc: IP Security List <ipsec@lists.tislabs.com>, rohc@ietf.org
In-Reply-To: <Pine.BSI.3.91.1030416163441.17861C-100000@spsystems.net>
References: <4.3.2.7.2.20030416121454.00b74328@mira-sjcm-1.cisco.com><Pine.BSI.3.91.1030416163441.17861C-100000@spsystems.net>
Sender: owner-ipsec@lists.tislabs.com

Henry Spencer writes:
 > On Wed, 16 Apr 2003, David Mcgrew wrote:
 > > >...[IPComp] the key is that there is no inter-packet state...
 > > 
 > > That makes sense.   For the record, the IPCOMP definition concerns 
 > > inter-packet state, it says that "each IP datagram is compressed and 
 > > decompressed by itself without any relation to other datagrams".
 > 
 > And in fact, a careful reading of the specification tells you that this is
 > a bit mis-stated:  compression implementations are not just permitted but
 > encouraged to keep inter-packet state, e.g. to decide whether it is worth
 > trying to compress the next packet.  It's *decompression*, and only
 > decompression, which must not keep inter-packet state.  (And that is both
 > necessary and sufficient to make IPComp robust against loss or reordering
 > of packets.)

Well, I dunno what difference it makes because ROHC is
pretty stateful on both sides...

		Mike

References:
- Re: (in)security of ESP with header compression
  - From: David Mcgrew <mcgrew@cisco.com>
- Re: (in)security of ESP with header compression
  - From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: Question on SA Bundle
Next by Date: RE: (in)security of ESP with header compression
Prev by thread: Re: (in)security of ESP with header compression
Next by thread: Re: [rohc] FW: ESP and header compression (ROHC)
Index(es):
- Date
- Thread