Re: [IPsec] [secdir] [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

Thu, 02 Jun 2022 07:41:56 -0700 

See below...
—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com

> On Jun 1, 2022, at 9:53 AM, Valery Smyslov <s...@elvis.ru> wrote:
> 
> Hi Joe,
>  
> From: secdir [mailto:secdir-boun...@ietf.org 
> <mailto:secdir-boun...@ietf.org>] On Behalf Of to...@strayalpha.com 
> <mailto:to...@strayalpha.com>
> Sent: Wednesday, June 01, 2022 5:43 PM
> To: Valery Smyslov
> Cc: draft-ietf-ipsecme-rfc8229bis....@ietf.org 
> <mailto:draft-ietf-ipsecme-rfc8229bis....@ietf.org>; sec...@ietf.org 
> <mailto:sec...@ietf.org>; ipsec@ietf.org <mailto:ipsec@ietf.org>; 
> last-c...@ietf.org <mailto:last-c...@ietf.org>
> Subject: Re: [secdir] [Last-Call] [IPsec] Secdir last call review of 
> draft-ietf-ipsecme-rfc8229bis-06
>  
> Hi, all,
>  
> Overall, it seems sufficient to:
>  
> - highlight how much more vulnerable this tunnel makes IPsec to DOS attacks
>           i.e., that single packets can cause the entire connection to need 
> to be reset
>  
>           Already in the draft.
>  
> - indicate that there IS a way to avoid that hit by re-syncing
>           the sync requires a scan, but that in some cases such a scan can be 
> more 
>           efficient in than starting a new connection, although it does mean 
> that such 
>           an attack may be more likely moving forward (note: restarting a 
> connection
>           might provide useful information to an attacker, where continuing 
> may hide
>           the impact of such an attack too, so resync has cons and pros).
>  
>           I’ve added some text about the possibility of a resync. 
>           About information for an attacker – if we talk about off-the-path 
> attacker,
>           then in general it is unaware of the results of its attack, it may 
>           only guess them indirectly. And since resync will take some time 
> and 
>           thus introduce some delay, that may be visible to attacker, I’m not 
> sure 
>           which method is preferable in this context – everything depends on
>           specific conditions for the attacker.

Yes, but a connection restart is much more potentially visible to an external 
viewer than a few IPsec packets inside the transfer being discarded.

Joe
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to