
Re: CONSENSUS TEST: Fragmentation handling



On Wed, Apr 07, 2004 at 12:23:18AM +0200, Francis Dupont wrote:
>    You lost me there.  How does incoming fragment reassembly violate the
>    goal of confidentiality?
>    
> => anything which tries to look inside my packets violates my
> confidentiality, and I don't like this at all from something which
> is supposed to protect it. IMHO a router should not look at something
> which is not in the IP header, or do you argue we should only use
> IPsec end-to-end? (I am not against the idea but this is a bit drastic).

Um, fragment reassembly means that you are copying the bits around,
but you are not actually "looking" at it.  Many implementations end up
copying the bits around anyway as they add and subtract headers, and
certainly if they are encrypting the data payload!  

Also, as others have pointed out, when we do port-specific selectors,
the implementation is forced to actually "look" at something which is
beyond the IP header.

So when you say this violates the goal of confidentiality, this seems
to involve a very strange definition of confidentiality, which most
IPSEC implementations are violating anyway.  If you don't trust the
IPSEC processor to reassemble your fragments, why are you trusting it to
encrypt your packets?  Both involve "looking" at the data payload to
roughly the same extent!

						- Ted