RE: [rohc] RE: (in)security of ESP with header compression

["Lars-Erik Jonsson (EAB)" <Lars-Erik.Jonsson@epl.ericsson.se>]

Yes, I just assumed that such a "tunnel sequence number" would
be incrementally set. Otherwise it would not be useable for
detecting out-of-order packets.

/L-E


> I believe that the compressor also needs to be involved, 
> as reordering can only be detected by the decompressor
> if the compressor ensures that the sequence numbers it
> sends out are ordered.
> 
> Is there still an equivalent to the IPv4 protocol or IPv6
> Next Header field in the new ESP header?
>
> 
> > This is the approach we have previously discussed in ROHC
> > (just informally), and most tunneling protocols seem to have
> > a similar sequence number. The solution would then just be
> > a modified decompressor, making use of the tunnel sequence
> > number.
> > 
> > But still, someone should look more carefully at this, and
> > write something.
 
_______________________________________________
Rohc mailing list
Rohc@ietf.org
https://www1.ietf.org/mailman/listinfo/rohc