Re: [Hipsec] IPCOMP support in HIP

Derek Fawcus <dfawcus+lists-hipsec@employees.org> Thu, 10 March 2016 20:52 UTC

On Thu, Mar 10, 2016 at 02:18:51pm -0500, Robert Moskowitz wrote:
> Fair point.  I really cannot convert TLS specifications to packet 
> content.  I suspect there are things exposed?
[snip]
> I do suspect that TLS is different in how it does compression, and if it 
> is being abandoned, so sad.
Quite possibly.

> But can you point me to a paper on the TLS compression attack?

I'm afraid not,  I just recall reading up on some of the TLS attacks
when they were publicised,  and seeing that some of them were related
to compression.  A bit of poking around though yielded:
    http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
I also spotted this,  but it doesn't add much:
    https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/abstracts/barghavan.pdf

I did avail myself of Google before my prior email,  it suggested CRIME
and BREACH.   Where the latter seems to be HTTP specific,  and a chosen
plain text attack.

So all I'm suggesting is to be careful,  and do appropriate comparisons,
to see if one can ensure enabling compression does not enable an attack
mode similar to those seen with TLS.  Since I'm not sure if the lack
of attacks against ESP+IPCOMP is due to inherent robustness,  or simply
a lack of trying.

DF
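
The kind of comparison suggested in the message above, as an added example that is not part of the original post: it checks whether the length of a compressed-then-encrypted payload depends on whether attacker-influenced bytes match a secret in the same compression unit. It assumes zlib as a stand-in for the IPComp algorithm, compressed length as a stand-in for ciphertext length, and per-datagram compression; the secret, field name and candidate values are constructed.

```python
import zlib

# Constructed sample data: a secret field and three equal-length candidates.
SECRET = b"session=7f3a9c2e51d4"
SECRET_VALUE = SECRET.split(b"=", 1)[1]
CANDIDATES = [b"7f3a9c2e51d4", b"b86d02f7a1e3", b"c15e8a07d9b2"]


def wire_len(parts, shared_context):
    """Length after compression. A length-preserving cipher (stream or
    AEAD mode, ignoring padding) does not hide this number."""
    if shared_context:
        # Secret and attacker-influenced bytes in one compression unit,
        # e.g. the payload of a single datagram.
        return len(zlib.compress(b"\r\n".join(parts)))
    # Each part compressed on its own: no back-references across parts.
    return sum(len(zlib.compress(p)) for p in parts)


def lengths_by_candidate(shared_context):
    """Map each candidate value to the resulting wire length."""
    result = {}
    for cand in CANDIDATES:
        influenced = b"session=" + cand  # bytes the secret's owner did not choose
        result[cand] = wire_len([SECRET, influenced], shared_context)
    return result


def leaks(lengths):
    """True if the candidate equal to the secret stands out by length."""
    correct = lengths[SECRET_VALUE]
    others = [n for c, n in lengths.items() if c != SECRET_VALUE]
    return all(correct < n for n in others)


if __name__ == "__main__":
    for shared in (True, False):
        lengths = lengths_by_candidate(shared)
        label = "shared context" if shared else "separate contexts"
        print(label, lengths, "leak:", leaks(lengths))
```
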