[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [rohc] RE: (in)security of ESP with header compression

To: Yaron Sheffer <yaronf@gmx.net>
Subject: RE: [rohc] RE: (in)security of ESP with header compression
From: "Lars-Erik Jonsson (EAB)" <Lars-Erik.Jonsson@epl.ericsson.se>
Date: Fri, 18 Apr 2003 09:34:18 +0200
Cc: rohc@ietf.org, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Yaron,

> ESP includes a 32-bit sequence number. It is mandatory for 
> the sender to set and increment it correctly, but optional
> for the receiver to verify it. It is there to prevent
> malicious replay of messages.
>
> Under these assumptions, I don't believe any change to the
> operating assumptions of ROHC, or a new ROHC profile, is
> needed. This is not "ROHC over tunnels" but only "ROHC over
> ESP", but it's still an interesting case.

This is the approach we have previously discussed in ROHC
(just informally), and most tunneling protocols seem to have
a similar sequence number. The solution would then just be
a modified decompressor, making use of the tunnel sequence
number.

But still, someone should look more carefully at this, and
write something.

Rgds,
/L-E

Follow-Ups:
- Re: [rohc] RE: (in)security of ESP with header compression
  - From: "Mikael Degermark" <micke@cs.arizona.edu>

Prev by Date: RE: [rohc] RE: (in)security of ESP with header compression
Next by Date: Re: [rohc] RE: (in)security of ESP with header compression
Prev by thread: RE: [rohc] RE: (in)security of ESP with header compression
Next by thread: Re: [rohc] RE: (in)security of ESP with header compression
Index(es):
- Date
- Thread