On Fri, 25 Dec 2015, Valery Smyslov wrote:
I've posted a new draft on using compression in IKEv2. Comments, thoughts, criticism are very very welcome.
This draft makes me nervous, as compression has been removed from encryption specifications in the last few years. I find the security considerations also weak on this. It basically says "if you think compression might be security issue, don't use it". Which isn't helpful at all to implementors. I am also worried about the security of maliciously compressed payloads, eg a zillion 0's, and other corner cases such as AUTH-NULL clients. I'm also not yet very convinced about the use case. For instance, the mentioned explosion of algorithms supported causing big IKE_INIT packets seems very unlikely for IoT devices which most likely only support 1 or 2 algorithms anyway. Note I'm not strongly against it. I just need more convincing. Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec