RE: [rohc] RE: (in)security of ESP with header compression
>>>>> "Yaron" == Yaron Sheffer <yaronf@xxxxxxx> writes:
Yaron> Hi Steve, I see a trade-off here between tweaking ROHC to deal
Yaron> with reordering channels (it may be easy or hard, I don't
Yaron> know) and tweaking the ESP *implementation* to undo such
Yaron> reordering. I accept that the RFC doesn't mandate or even
Yaron> suggest it, and from an architectural perspective it's not
Yaron> clean. But it's a minor change to the implementation of
Yaron> sequence-number handling in ESP...
Nonsense. It's a very major change in the implementation of ESP.
ESP processes IP packets one at a time. It does not care whether they
are being reordered; it does not, repeat NOT, put them in any order
different from the order in which they arrived.
To do what you suggest would be a large redesign, which would also
completely ruin performance. ("Fragmentation Considered Harmful" by
Jeff Mogul explains this nicely, for a different case where the same
considerations are valid.)
Note also that there are a bunch of ESP implementations done in
silicon. For those, what you propose is even more unreasonable than
it would be for a software implementation. But I don't think any
implementer of either kind of implementation would consider your