On Wed, 9 Oct 2013, Tero Kivinen wrote:
For example theo Check message validity - in particular, check whether values of Fragment Number and Total Fragments in Encrypted Fragment Payload are valid. If not - message MUST be silently discarded. should be changed to say: o Check message validity - in particular, check whether values of Fragment Number (must be <= Total Fragments) and Total Fragments (must be >= previously seen Total Fragments for this message) in Encrypted Fragment Payload are valid. If not - message MUST be silently discarded. It should clearly say that if Total Fragments is less than previously seen then this fragment needs to be discarded.
But you must only do that after the decryption/authentication of the fragment or we are back at square one with an easy DoS this whole mechanism was supposed to protect us from. Which of course means an attacker can just send crap faster that you can verify it is crap after performing crypto on the fragment. Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
