My understanding is that the TCP Over Satellite WG is considering the use of spoofing (at least as a research topic). I presume this means that IPSec and spoofing to improve performance on a long latency satellite network are incompatible. Is there any way to maintain security and still do TCP spoofing for satellites (i.e., could you elaborate on the evil)?

You're right -- IPsec will not permit window-size spoofing. To understand why, imagine that an enemy were to play games with window sizes -- probably sending small ones, but just large enough to avoid tickling the silly window syndrome code; slamming the window shut (remember that closed windows are probed very infrequently); opening it wide and then slamming it shut (against the spec, but is your stack robust enough to cope?), etc.

It's an interesting question how to have both good security and how to play such TCP games. There are other issues between IPsec and ECN; I spoke at that BoF today.
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
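The incompatibility discussed in the message above, as an added example that is not part of the original thread: a simplified, integrity-only model of an IPsec-protected TCP segment, showing that the receiver discards a packet whose window field was rewritten in transit by a gateway that does not hold the key. The packet layout (SPI, sequence number, segment, ICV), the key and all field values are constructed for illustration; real ESP also carries padding and a next-header field, and with encryption enabled the gateway could not even locate the window field.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 truncates the MAC to 96 bits

def tcp_header(sport, dport, seq, ack, flags, window):
    """Minimal 20-byte TCP header (checksum and urgent pointer left at zero)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)

def protect(key, spi, seq_no, segment):
    """Sender: prepend SPI and sequence number, append the truncated ICV."""
    body = struct.pack("!II", spi, seq_no) + segment
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv

def verify(key, packet):
    """Receiver: return the TCP segment if the ICV matches, else None (drop)."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body[8:] if hmac.compare_digest(icv, expected) else None

def rewrite_window(packet, new_window):
    """Keyless gateway: overwrite the 16-bit advertised window in transit."""
    pos = 8 + 14  # 8 bytes of SPI/sequence, window at offset 14 of the TCP header
    return packet[:pos] + struct.pack("!H", new_window) + packet[pos + 2:]

def window_of(segment):
    """Read the advertised window out of a TCP segment."""
    return struct.unpack("!H", segment[14:16])[0]

def demo():
    key = b"constructed-demo-key"  # constructed key, illustration only
    seg = tcp_header(40000, 80, 1000, 2000, 0x10, 8192) + b"payload"
    pkt = protect(key, 0x1001, 1, seg)
    untouched = verify(key, pkt)                          # passes the ICV check
    spoofed = verify(key, rewrite_window(pkt, 65535))     # fails, dropped
    return window_of(untouched), spoofed

if __name__ == "__main__":
    print(demo())
```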