On 5/30/2022 8:28 AM, Valery Smyslov wrote:
Hi Joe, Christian,
...
I suggest we add the following text to the Security considerations:
TCP data injection attacks have no effect on application data since
IPsec provides data integrity. However, they can
Reviewer: Reese Enghardt
Review result: Ready with Nits
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.
For
On 5/30/2022 8:20 AM, to...@strayalpha.com wrote:
On May 30, 2022, at 8:00 AM, Christian Huitema wrote:
The bar against TCP injection attacks might be lower than you think. An
attacker that sees the traffic can easily inject TCP packet with sequence
number that fit in the flow control
Hi Joe,
From: to...@strayalpha.com [mailto:to...@strayalpha.com]
Sent: Tuesday, May 31, 2022 7:12 PM
To: Tero Kivinen
Cc: Valery Smyslov; Christian Huitema; sec...@ietf.org;
draft-ietf-ipsecme-rfc8229bis@ietf.org; ipsec@ietf.org; last-c...@ietf.org
Subject: Re: [Last-Call] [IPsec] Secdir
Hi Tero,
> Valery Smyslov writes:
> > Agree, that's what is in the suggested text:
> >
> >o if an attacker alters the content of the Length field that
> > separates packets, then the receiver will incorrectly identify the
> > margins of the following packets and will drop all of
Some notes below...
> On May 31, 2022, at 4:14 AM, Valery Smyslov wrote:
>
> Hi Joe,
>
> From: to...@strayalpha.com [mailto:to...@strayalpha.com]
> Sent: Monday, May 30, 2022 10:57 PM
> To: Tero Kivinen
> Cc: Valery Smyslov; Christian Huitema; sec...@ietf.org;
>
On May 31, 2022, at 8:29 AM, Tero Kivinen wrote:
>
> I think we should tear down the TCP stream immediately if we detect
> that length bytes can't be correct.
If that’s the case, then you’re opening up this approach to a much lower bar to
attacks.
It would be significantly more useful to find
Valery Smyslov writes:
> Agree, that's what is in the suggested text:
>
>o if an attacker alters the content of the Length field that
> separates packets, then the receiver will incorrectly identify the
> margins of the following packets and will drop all of them or even
>
Hi Joe,
From: to...@strayalpha.com [mailto:to...@strayalpha.com]
Sent: Monday, May 30, 2022 10:57 PM
To: Tero Kivinen
Cc: Valery Smyslov; Christian Huitema; sec...@ietf.org;
draft-ietf-ipsecme-rfc8229bis@ietf.org; ipsec@ietf.org; last-c...@ietf.org
Subject: Re: [Last-Call] Secdir last
Hi Tero,
> -Original Message-
> From: Tero Kivinen [mailto:kivi...@iki.fi]
> Sent: Monday, May 30, 2022 10:26 PM
> To: Valery Smyslov
> Cc: 'Christian Huitema'; sec...@ietf.org;
> draft-ietf-ipsecme-rfc8229bis@ietf.org; ipsec@ietf.org; last-
> c...@ietf.org
> Subject: RE: Secdir last
10 matches
Mail list logo