Manav,

On Mon, January 11, 2010 1:32 am, Bhatia, Manav (Manav) wrote:
> Dan,
>
>>
>> You trust the end nodes to negotiate WESP and encapsulate their ESP
>> packets in WESP, but you don't trust the content they put into those
>> packets. Is that the trust model you're operating on?
>
> No.
>
> We trust the end nodes to put the right information in the WESP header.
> But we don't trust the intermediaries, which could have mangled the packet
> so that it goes through the firewall/deep inspection device.
The fact that you require deep inspection of a packet sent by an end node
means you don't trust the end node to put good bits into the packet. Yet
you trust the end node to negotiate WESP, properly encapsulate ESP with
WESP, and do the checking of the (now unprotected) WESP header and normal
ESP header. That's weird.

If (the WESP header of) a packet was modified such that it avoided deep
packet inspection but still passes a source and (non-WESP header) data
integrity check, why would you want to drop that packet?

End-to-end protection (via ESP) means that you don't have to trust the
intermediaries. And you don't. Great. So what exactly is the threat?

Dan.

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
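The "checking of the WESP header" that the reply says the receiving end node is trusted to do can be made concrete. The following is an added example, not code from either poster or from any IPsec implementation: it builds an integrity-only (cleartext) WESP-wrapped ESP packet and then runs the receiver-side consistency check that would reject a WESP header an intermediary has rewritten. The four-byte header layout (Next Header, HdrLen, TrailerLen, Flags with version/E/P bits) follows this example's reading of RFC 5840; the 12-byte ICV length, the zeroed placeholder ICV, and the sample payload are all constructed assumptions for the demonstration.

```python
import struct
from typing import Optional

# WESP header layout assumed here (RFC 5840, section 2):
#   Next Header (8) | HdrLen (8) | TrailerLen (8) | Flags (8)
# Flags: Version (2 bits, must be 0) | E (encrypted) | P (padding) | Rsvd (4 bits, must be 0)
WESP_HDR_LEN = 4
ESP_HDR_LEN = 8            # SPI (4) + Sequence Number (4)
FLAG_VERSION_MASK = 0xC0
FLAG_E = 0x20
FLAG_P = 0x10
FLAG_RSVD_MASK = 0x0F
ICV_LEN = 12               # assumed: e.g. a 96-bit truncated HMAC


def build_wesp_packet(payload: bytes, next_header: int, spi: int, seq: int) -> bytes:
    """Construct an unencrypted (integrity-only) ESP packet wrapped in WESP.

    The ICV is a zero placeholder: this example only exercises the WESP
    header bookkeeping, not the SA's MAC computation.
    """
    # ESP trailer (Pad Length + Next Header) must end on a 4-octet boundary.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))           # ESP's default 1,2,3,... padding
    esp = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = b"\x00" * ICV_LEN                            # placeholder (constructed)
    hdr_len = WESP_HDR_LEN + ESP_HDR_LEN               # offset to the inner payload: no WESP padding, no IV
    trailer_len = pad_len + 2 + ICV_LEN                # octets after the inner payload
    flags = 0                                          # version 0, E=0 (cleartext), P=0
    wesp = bytes([next_header, hdr_len, trailer_len, flags])
    return wesp + esp + icv


def check_wesp_header(packet: bytes) -> Optional[str]:
    """Receiver-side cross-check of the WESP header against the ESP it wraps.

    Returns None when the header is consistent, otherwise a short reason.
    For cleartext packets the WESP fields are redundant with fields inside
    ESP, so any in-path rewrite of the WESP header shows up as a mismatch.
    """
    if len(packet) < WESP_HDR_LEN + ESP_HDR_LEN + 2 + ICV_LEN:
        return "packet too short"
    next_header, hdr_len, trailer_len, flags = packet[:WESP_HDR_LEN]
    if flags & FLAG_VERSION_MASK:
        return "unknown WESP version"
    if flags & FLAG_RSVD_MASK:
        return "reserved flag bits set"
    if flags & FLAG_E:
        # Encrypted payload: the ESP trailer is not visible, so only the
        # version and reserved bits can be checked before decryption.
        return None
    if hdr_len < WESP_HDR_LEN + ESP_HDR_LEN or hdr_len > len(packet) - ICV_LEN - 2:
        return "HdrLen does not point inside the packet"
    if trailer_len < 2 + ICV_LEN or trailer_len > len(packet) - hdr_len:
        return "TrailerLen inconsistent"
    # ESP trailer sits immediately before the ICV: [..., Pad Length, Next Header, ICV]
    esp_pad_len = packet[-ICV_LEN - 2]
    esp_next = packet[-ICV_LEN - 1]
    if esp_next != next_header:
        return "WESP Next Header disagrees with ESP trailer"
    if trailer_len != esp_pad_len + 2 + ICV_LEN:
        return "TrailerLen disagrees with ESP padding length"
    return None


def rewrite_wesp_field(packet: bytes, index: int, value: int) -> bytes:
    """Simulate an intermediary overwriting one WESP header octet (test input)."""
    return packet[:index] + bytes([value]) + packet[index + 1:]


if __name__ == "__main__":
    pkt = build_wesp_packet(b"hello", next_header=17, spi=0x1234, seq=1)
    print("clean packet:", check_wesp_header(pkt))
    print("Next Header rewritten:", check_wesp_header(rewrite_wesp_field(pkt, 0, 6)))
    print("TrailerLen rewritten:", check_wesp_header(rewrite_wesp_field(pkt, 2, 0)))
```

The check is deliberately independent of the ICV: it shows which WESP fields a receiver can verify from the ESP trailer alone, which is exactly the case the reply raises, a packet whose WESP header was altered in transit while the ESP-protected bytes still verify.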