On Wed, 9 Oct 2013, Tero Kivinen wrote:

For example the

  o  Check message validity - in particular, check whether values of
     Fragment Number and Total Fragments in Encrypted Fragment Payload
     are valid.  If not - message MUST be silently discarded.

should be changed to say:

  o  Check message validity - in particular, check whether values of
     Fragment Number (must be <= Total Fragments) and Total Fragments
     (must be >= previously seen Total Fragments for this message) in
     Encrypted Fragment Payload are valid. If not - message MUST be
     silently discarded.

It should clearly say that if Total Fragments is less than previously
seen then this fragment needs to be discarded.

But you must only do that after the decryption/authentication of the
fragment or we are back at square one with an easy DoS this whole
mechanism was supposed to protect us from.

Which of course means an attacker can just send crap faster than you can
verify it is crap after performing crypto on the fragment.

Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
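
The ordering discussed in this message, as an added example (not code from the thread or from any IKEv2 implementation): the integrity check runs first, and only then are the Fragment Number and Total Fragments checks applied. The tuple layout, HMAC-SHA256 as the integrity algorithm, numbering from 1, and restarting reassembly on a larger total are assumptions of this sketch.

```python
import hashlib
import hmac

def tag_for(key, msg_id, num, total, data):
    # Assumption: HMAC-SHA256 stands in for the SA's integrity algorithm.
    hdr = msg_id.to_bytes(4, "big") + num.to_bytes(2, "big") + total.to_bytes(2, "big")
    return hmac.new(key, hdr + data, hashlib.sha256).digest()

def accept_fragment(key, queues, msg_id, num, total, data, tag):
    """Return (status, message); queues maps msg_id -> [total, {num: data}]."""
    # 1. Authenticate first, so forged header fields never reach the
    #    reassembly state or the Total Fragments comparison.
    if not hmac.compare_digest(tag, tag_for(key, msg_id, num, total, data)):
        return ("discard", None)
    # 2. Fragment Number must be <= Total Fragments (numbering from 1 assumed).
    if num < 1 or num > total:
        return ("discard", None)
    seen_total, parts = queues.get(msg_id, [0, {}])
    # 3. Total Fragments must be >= the value previously seen for this message.
    if total < seen_total:
        return ("discard", None)
    if total > seen_total:
        parts = {}  # assumption of this example: a larger total restarts reassembly
    parts[num] = data
    queues[msg_id] = [total, parts]
    if len(parts) < total:
        return ("queued", None)
    del queues[msg_id]
    return ("complete", b"".join(parts[i] for i in range(1, total + 1)))

def demo():
    key, queues = b"constructed-demo-key", {}
    def frag(num, total, data, k=key):  # constructed sample fragments, message ID 1
        return (1, num, total, data, tag_for(k, 1, num, total, data))
    out = [
        accept_fragment(key, queues, *frag(1, 3, b"he")),               # queued
        accept_fragment(key, queues, *frag(1, 1, b"zz", k=b"forged")),  # bad tag
        accept_fragment(key, queues, *frag(2, 2, b"zz")),               # total shrank
        accept_fragment(key, queues, *frag(4, 3, b"zz")),               # num > total
        accept_fragment(key, queues, *frag(2, 3, b"ll")),
        accept_fragment(key, queues, *frag(3, 3, b"o!")),
    ]
    return [status for status, _ in out], out[-1][1]

if __name__ == "__main__":
    print(demo())
```

Every fragment, valid or not, costs one MAC computation before it can be rejected, which is the residual cost the message points out.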
