On Thu, Sep 20, 2012 at 11:22 AM, Paul Wouters <[email protected]> wrote: > With the TLS compression attack of CRIME hitting the news recently, I > was wondering about this attack against IPsec compression.
Well, in so far as IPsec doesn't have cookies or anything like a bearer token, it's safe. However, if you were using IPsec to protect HTTP web traffic, and if the attacker can find some way to either be an IPsec peer of your client or get your client to use unsecured HTTP connections by which the attacker can inject adaptive chosen plaintext for use in HTTP secured with IPsec, then that would be vulnerable, yes. The key is: what's running on top of IPsec? My thinking is that compression of data needs to be pushed to as high a layer as possible (i.e., the application layer), where decisions about what to be compressed (e.g., bulk non-voice/non-real time, therefore bufferable data) can be left to the part of the system that can best make them (i.e., the application). Nico -- _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
