Hi Paul,

  o  Check message validity - in particular, check whether values of
     Fragment Number and Total Fragments in Encrypted Fragment Payload
     are valid.  If not - message MUST be silently discarded.

should be changed to say:

  o  Check message validity - in particular, check whether values of
     Fragment Number (must be <= Total Fragments) and Total Fragments
     (must be >= previously seen Total Fragments for this message) in
     Encrypted Fragment Payload are valid. If not - message MUST be
     silently discarded.

It should clearly say that if Total Fragments is less than previously
seen then this fragment needs to be discarded.

But you must only do that after the decryption/authentication of the
fragment or we are back at square one with an easy DoS this whole
mechanism was supposed to protect us from.

Which of course means an attacker can just send crap faster than you can
verify it is crap after performing crypto on the fragment.

Not necessarily. It depends on the state the receiver is currently in.

When you receive the very first fragment and start reassembly, you
remember its Total Fragments field (of course after you validate the message).

After that you have the following possibilities.

1. You receive a fragment with the same Total Fragments. You continue
reassembling, adding this fragment to the queue, or discarding it
if it is a duplicate packet.

2. You receive a fragment with a smaller Total Fragments. It may either
be a late packet from the previous set of fragments (larger in size)
that accidentally reached us, or it may be an attack packet, or it may be
a packet from a broken peer. In any case it is safe to discard it
without any verification.

3. You receive a fragment with a greater Total Fragments. In this case,
if you already successfully reassembled the message and sent a response,
it most probably means that the response didn't reach the peer. In this
case it is safe to retransmit the response without any verification
of fragment authenticity; it won't hurt the peer even if it was a faked fragment.
You may rate limit such responses or you may verify the fragment before - as you wish.
And if you support PMTU discovery, you may refragment the response
into smaller fragments, but in this case it is better to verify the
fragment before, as the refragmentation cost is not zero.
If you are still in the process of reassembling, then yes, you need
to verify the fragment and, if it is valid, discard all fragments received so
far and start reassembling over, as it becomes clear
that the peer decreased the fragment size and is retransmitting a new set
of fragments, so it's pointless for you to wait for the rest of the
fragments from the previous set.
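The receiver-side logic described in this message (the header checks proposed in the revised text above plus the three Total Fragments cases), written out as an added example; this is not code from the post or from any IKE implementation. Decryption and ICV checking are replaced by a boolean on a constructed Fragment object, and the names Action, Fragment and Reassembler are hypothetical. The crypto_ops counter makes it visible which fragments actually cost a crypto operation.

```python
"""Receiver-side handling of IKEv2 message fragments keyed on Total Fragments.

Added illustration of the reassembly states discussed on the list; not code
from the post or from any IKE implementation.  Decryption and ICV checking are
stood in for by Fragment.authentic, and all names here are hypothetical.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class Action(Enum):
    INVALID = "discard_invalid"                   # failed a header check or the crypto check
    ACCEPT = "verified_and_queued"                # part of the current set, queued
    COMPLETE = "message_reassembled"              # this fragment completed the set
    DUPLICATE = "discard_duplicate"               # fragment number already received
    DISCARD_UNVERIFIED = "discard_without_crypto"  # case 2: smaller Total Fragments
    RETRANSMIT_RESPONSE = "retransmit_response"   # case 3 after the message was answered
    RESTART = "verified_and_restarted"            # case 3 while still reassembling


@dataclass
class Fragment:
    fragment_number: int     # 1-based index within the set
    total_fragments: int     # set size claimed by the sender
    payload: bytes
    authentic: bool = True   # stand-in for "decrypts and the ICV verifies"


@dataclass
class Reassembler:
    total: Optional[int] = None                       # Total Fragments remembered from the first fragment
    received: Dict[int, bytes] = field(default_factory=dict)
    answered: bool = False                            # message reassembled and a response sent
    crypto_ops: int = 0                               # fragments run through decryption/ICV check

    def _verify(self, frag: Fragment) -> bool:
        self.crypto_ops += 1
        return frag.authentic

    def _queue(self, frag: Fragment) -> Action:
        self.received[frag.fragment_number] = frag.payload
        if len(self.received) == self.total:
            self.answered = True   # model: the response goes out as soon as the set is complete
            return Action.COMPLETE
        return Action.ACCEPT

    def handle(self, frag: Fragment) -> Action:
        # Cheap header checks first: Fragment Number must lie in 1..Total Fragments.
        if frag.total_fragments < 1 or not (1 <= frag.fragment_number <= frag.total_fragments):
            return Action.INVALID
        if self.total is None:
            # Very first fragment: validate it, then remember its Total Fragments.
            if not self._verify(frag):
                return Action.INVALID
            self.total = frag.total_fragments
            return self._queue(frag)
        if frag.total_fragments < self.total:
            # Case 2: late, bogus, or broken-peer fragment. Dropped without any crypto.
            return Action.DISCARD_UNVERIFIED
        if frag.total_fragments == self.total:
            # Case 1: belongs to the current set, unless it is a duplicate.
            if frag.fragment_number in self.received:
                return Action.DUPLICATE
            if not self._verify(frag):
                return Action.INVALID
            return self._queue(frag)
        # Case 3: larger Total Fragments, so the peer has refragmented the message.
        if self.answered:
            # Our response was apparently lost: resend it, no verification needed.
            return Action.RETRANSMIT_RESPONSE
        if not self._verify(frag):
            return Action.INVALID
        # Peer lowered its fragment size; the old partial set will never complete.
        self.received.clear()
        self.total = frag.total_fragments
        self._queue(frag)
        return Action.RESTART
```

Only the first fragment of a set, new fragments of the current set, and a larger-set fragment that arrives mid-reassembly reach the crypto step; everything else is settled from state alone, which is the point the message makes about the DoS concern.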
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
