Paul Wouters writes:
> On Wed, 9 Oct 2013, Tero Kivinen wrote:
>
> > For example the
> >
> >    o  Check message validity - in particular, check whether values of
> >       Fragment Number and Total Fragments in Encrypted Fragment Payload
> >       are valid. If not - message MUST be silently discarded.
> >
> > should be changed to say:
> >
> >    o  Check message validity - in particular, check whether values of
> >       Fragment Number (must be <= Total Fragments) and Total Fragments
> >       (must be >= previously seen Total Fragments for this message) in
> >       Encrypted Fragment Payload are valid. If not - message MUST be
> >       silently discarded.
> >
> > It should clearly say that if Total Fragments is less than previously
> > seen then this fragment needs to be discarded.
>
> But you must only do that after the decryption/authentication of the
> fragment or we are back at square one with an easy DoS this whole
> mechanism was supposed to protect us from.

We can drop the packets which have Total Fragments less than the
previously seen authenticated fragment. Dropping packets in the queue,
or updating the Total Fragments value, needs to be done only based on
the authenticated packet, and the document already had those steps
after ICV verification, so it already did that correctly. The document
was just not really explaining what the message validity checks done
in the first bullet point were.
-- 
[email protected]
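
Added example (not part of the original message or of the draft under discussion): a Python sketch of the receive-side ordering described in this thread, where the validity checks only read state and the queue flush or Total Fragments update happens after ICV verification. The Reassembly class, its status strings, and the truncated HMAC standing in for the SA's ICV are assumptions made for illustration.

```python
import hashlib
import hmac

ICV_LEN = 16  # constructed: truncated HMAC-SHA256 stands in for the SA's ICV

def icv(key, num, total, body):
    """Stand-in integrity tag over Fragment Number, Total Fragments and body."""
    hdr = num.to_bytes(2, "big") + total.to_bytes(2, "big")
    return hmac.new(key, hdr + body, hashlib.sha256).digest()[:ICV_LEN]

class Reassembly:
    """Hypothetical reassembly state for one fragmented IKE message."""

    def __init__(self, key):
        self.key = key
        self.total = 0   # Total Fragments of the last authenticated fragment
        self.frags = {}  # Fragment Number -> authenticated body

    def receive(self, num, total, body, tag):
        # 1. Cheap validity checks: they read state but never modify it,
        #    so an unauthenticated packet cannot disturb the queue.
        if not 1 <= num <= total:
            return "drop: invalid numbers"
        if total < self.total:
            return "drop: stale total"
        # 2. Verify the ICV before any state change.
        if not hmac.compare_digest(tag, icv(self.key, num, total, body)):
            return "drop: bad ICV"
        # 3. Only an authenticated fragment may flush the queue or raise
        #    the Total Fragments value.
        if total > self.total:
            self.frags.clear()
            self.total = total
        self.frags.setdefault(num, body)
        return "complete" if len(self.frags) == self.total else "stored"

def demo():
    key = b"k" * 32  # constructed key
    r = Reassembly(key)
    out = [r.receive(1, 2, b"a", icv(key, 1, 2, b"a"))]   # authentic
    out.append(r.receive(1, 9, b"x", b"\0" * ICV_LEN))    # forged larger total
    out.append(len(r.frags))                              # queue untouched
    out.append(r.receive(2, 2, b"b", icv(key, 2, 2, b"b")))
    return out

if __name__ == "__main__":
    print(demo())
```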
