Re: (in)security of ESP with header compression



Lars,

"Lars-Erik Jonsson (EAB)" <Lars-Erik.Jonsson@epl.ericsson.se> writes:

> > So, I don't see why IPCOMP should be any different than ESP or AH in
> > terms of packet independence.  If ROHC is truly dependent on packet
> > ordering, then I think this is a bug in ROHC and needs to be addressed
> > there.  It certainly limits the types of links in which ROHC can be
> > used.
> 
> The RFC 3095 profiles are defined with an assumption on in-order delivery
> from compressor to decompressor, but modified profiles could easily be
> defined to tolerate packet misordering. The ROHC WG just has not yet 
> addressed this issue, but we would appreciate input on the subject,
> especially motivations for us to look at it.

And this thread isn't sufficient motivation?  Summarizing the thread,
it would be useful to use ROHC to compress ESP tunnels, but that
implies the potential for out-of-order reception.

> BR
> /L-E 

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com