[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [rohc] RE: (in)security of ESP with header compression

To: Mikael Degermark <micke@cs.arizona.edu>, Yaron Sheffer <yaronf@gmx.net>
Subject: RE: [rohc] RE: (in)security of ESP with header compression
From: "Lars-Erik Jonsson (EAB)" <Lars-Erik.Jonsson@epl.ericsson.se>
Date: Fri, 18 Apr 2003 10:26:43 +0200
\Received: from sentry.rv.nailabs.com (firewall-user@sentry.gw.tislabs.com [192.94.214.100])by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id EAA08147Fri, 18 Apr 2003 04:23:39 -0400 (EDT)
Cc: rohc@ietf.org, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Yes, I just assumed that such a "tunnel sequence number" would
be incrementally set. Otherwise it would not be useable for
detecting out-of-order packets.

/L-E


> I believe that the compressor also needs to be involved, 
> as reordering can only be detected by the decompressor
> if the compressor ensures that the sequence numbers it
> sends out are ordered.
> 
> Is there still an equivalent to the IPv4 protocol or IPv6
> Next Header field in the new ESP header?
>
> 
> > This is the approach we have previously discussed in ROHC
> > (just informally), and most tunneling protocols seem to have
> > a similar sequence number. The solution would then just be
> > a modified decompressor, making use of the tunnel sequence
> > number.
> > 
> > But still, someone should look more carefully at this, and
> > write something.

Prev by Date: Re: CALL FOR DISCUSSION: DHCP over IKE vs Configuration Payload
Next by Date: RE: [rohc] RE: (in)security of ESP with header compression
Prev by thread: ID update: draft-touch-ipsec-vpn-05.txt
Next by thread: RE: [rohc] RE: (in)security of ESP with header compression
Index(es):
- Date
- Thread