Hi, Danny,

Sorry for the very late response! m(_ _)m
I tried to include this correspondence in the updated/new draft.

The answer is as follows:
1. 3GPP Technical Specification TS.33.320
http://www.3gpp.org/ftp/specs/html-info/33320.htm
-4.3.1 Backhaul link
-4.4.5 Requirements on Backhaul Link
-7.4 IPsec Tunnel Establishment
in which the mandatory implementation of the IPsec ESP tunnel is described, or in
other words, "SHALL be provided".

2. In the Taipei meeting, I disagreed with the opinion that identified timing
packets weaken the synchronization protocol against the packet hijacking attack,
because the normal synchronization protocol is originally insecure against the
underlying attack, whether or not an identifier is employed.
More discussion is also provided in a new draft, Sec. 3.2:
http://datatracker.ietf.org/doc/draft-cui-tictoc-encrypted-synchronization

The drafts are still being revised; any comments are highly appreciated.

Thanks,
Yang
==================
 Yang Cui,  Ph.D.
 Huawei Technologies
 [email protected]


> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Danny Mayer
> Sent: December 26, 2011 11:11
> To: [email protected]
> Subject: [TICTOC] IPsec security for packet based synchronization
> 
> The minutes of the Taipei meeting state this:
> > 6.   IPsec security for packet based synchronization
> > Yang Cui on behalf of the author, Yixian Xu, presented
> > draft-xu-tictoc-ipsec-security-for-synchronization-02.  This draft has had a
> > large volume of discussion on list.  There have been two basic questions that
> > have been brought up on the list: Do we need to encrypt timing packets? Do
> > we need to identify and decrypt timing packets right away (before decrypting
> > all traffic)?  Yang indicated that the answer to question 1 is yes for 3GPP
> > Femtocell and that the draft provided the only efficient mechanism for
> > carrying out a solution to the second question.  It had been brought up on the
> > list that if timing packets were easily identified then they were more susceptible
> > to attackers, for which Yang disagreed.   The authors are preparing a new version of
> > the draft which addresses the points discussed on the list.
> 
> If the answer to question 1 is yes for 3GPP Femtocell then there needs
> to be an explicit answer to why and what this is with a reference to
> supporting documents and the section of the documents.
> 
> Also Yang disagreed about the vulnerability of identified timing packets
> so he should state exactly why he disagrees along with any supporting
> documents and sections of those documents.
> 
> Danny
> _______________________________________________
> TICTOC mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tictoc