If I was an off-path attacker, and I couldn't drop your packets
(but maybe I can see them), and I am not going to try to decrypt your
packets, I would simply replay/make up some packets.  If I do this
within the IPsec replay window, the receiving machines have to run the
auth check, and so due to head-of-queue effects, the decrypt time might
not be constant.


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
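
The replay-window behaviour discussed in the message above, as an added example that is not part of the original post: an RFC 4303-style sliding-window check showing which injected packets are dropped by the cheap sequence-number test and which still reach the ICV (auth) check. The class and function names, the window size of 4 and the sample traffic are constructed for illustration.

```python
# Added example: RFC 4303-style anti-replay window, 32-bit sequence numbers.
class ReplayWindow:
    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number that passed the ICV check
        self.bitmap = 0   # bit i set => sequence number (top - i) was accepted

    def precheck(self, seq):
        """Cheap test done before any crypto: 'drop' or 'verify'."""
        if seq == 0:
            return "drop"
        if seq > self.top:
            return "verify"              # ahead of the window
        offset = self.top - seq
        if offset >= self.size:
            return "drop"                # older than the window
        if (self.bitmap >> offset) & 1:
            return "drop"                # exact duplicate of an accepted packet
        return "verify"                  # in window and unseen

    def commit(self, seq):
        """Update the window; call only after the ICV has verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

def process(window, packets):
    """packets: (seq, icv_ok) pairs. Returns (ICV checks run, accepted seqs)."""
    icv_checks, accepted = 0, []
    for seq, icv_ok in packets:
        if window.precheck(seq) == "drop":
            continue
        icv_checks += 1                  # the costly step injected packets can trigger
        if icv_ok:
            window.commit(seq)
            accepted.append(seq)
    return icv_checks, accepted

# Constructed traffic, window of 4: genuine packets, then injected ones.
SAMPLE = [(1, True), (2, True), (3, True), (5, True), (6, True), (7, True),
          (6, True),    # exact replay: dropped by the bitmap, no ICV check
          (4, False),   # made-up, unseen, in window: ICV check runs and fails
          (2, True),    # replay older than the window: dropped, no ICV check
          (9, False),   # made-up, ahead of window: ICV check runs and fails
          (4, True)]    # genuine late packet: still accepted afterwards

print(process(ReplayWindow(4), SAMPLE))  # (9, [1, 2, 3, 5, 6, 7, 4])
```

Counting ICV checks per interval, as `process` does here, gives a receiver-side signal for this kind of injected load: failed checks that do not advance the window stand out against the accepted-packet rate.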