Re: FCC & Internet phones

Adam Shostack wrote:
> Loren James Rittle wrote:
> | >Most
> | >presumably use a mix of a UDP data connection and tcp for control
> | >functions.
> |
> | OK, everything after the IP header is encrypted. I don't even know
> | which protocol is in use.
>
> Are you willing to play Mallet? Drop IP packets, and look for
> duplicates. Those are TCP. (IPSEC might handle this, but I bet there
> will be broken implementations that save time by resending.)
Are you saying UDP protocols don't retransmit un-acked packets?
If not, then you can't be sure the duplicates are TCP.

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland <gary@kampai.euronet.nl>
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

Gary Howland writes:
> Adam Shostack wrote:
> > Are you willing to play Mallet? Drop IP packets, and look for
> > duplicates. Those are TCP. (IPSEC might handle this, but I bet there
> > will be broken implementations that save time by resending.)

Since the TCP and IP layers are not the same, this won't happen. The
retransmit occurs at the TCP layer and the IP layer will re-encrypt with
a new initialization vector.

> Are you saying UDP protocols don't retransmit un-acked packets?
> If not, then you can't be sure the duplicates are TCP.

Also true. Plus there are IPSEC transforms being talked about that will
put in replay elimination, so I doubt this is going to be a problem. On
the other hand, you can detect TCP packets pretty easily by timing them.
They will usually follow a nice Van J. algorithm profile.

Perry
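The timing approach Perry mentions, as an added example that is not part of the thread: a small Python simulation of Adam's drop-a-packet test run on constructed packet traces. The observer sees only arrival times and ciphertext lengths (since, as Perry notes, a retransmission is re-encrypted under a fresh IV, byte-for-byte duplicate matching is not available, so the code never compares payloads). A flow is called TCP-like when dropping one packet is followed by a stall and then a same-sized packet, which is what a retransmission timer produces. The RTT, RTO, packet sizes and application retry timeout are assumed values, the traces are constructed rather than captured, and the third trace shows the false positive Gary raises: an application that does its own retransmission over UDP looks the same to this heuristic.

```python
"""Timing-based transport fingerprinting of an encrypted flow.

Added example (not from the thread): an on-path observer ("Mallet") who sees
only packet sizes and arrival times, as under IPsec ESP, drops one packet and
watches how the sender reacts.  A TCP sender stalls until its retransmission
timer fires and then resends a same-sized segment; a constant-rate datagram
source (e.g. voice over UDP) keeps its cadence.  All traces below are
constructed; the RTT, RTO, retry timeout and packet sizes are assumed.
"""
from statistics import median

# Each trace: (arrival_time_seconds, ciphertext_length_bytes) as seen by
# the observer, who also sees (and then drops) the packet marked below.

# Constructed TCP-like flow: one 1500-byte segment per 100 ms (assumed RTT).
# The observer drops the packet at t=0.4; the sender waits out an assumed
# 300 ms RTO, retransmits a same-sized segment at t=0.7, then resumes.
TCP_LIKE = [(0.0, 1500), (0.1, 1500), (0.2, 1500), (0.3, 1500),
            (0.4, 1500),   # dropped by the observer
            (0.7, 1500),   # retransmission of the dropped segment
            (0.8, 1500), (0.9, 1500), (1.0, 1500)]

# Constructed constant-rate UDP flow: a 160-byte datagram every 20 ms; the
# sender never notices the drop and keeps its cadence.
UDP_LIKE = [(round(0.02 * i, 3), 160) for i in range(50)]

# Constructed UDP application with its own retransmission (a request/response
# loop that retries after an assumed 1 s timeout).  This is the case Gary
# Howland raises: an application over UDP can retransmit too.
UDP_WITH_APP_RETRY = [(0.0, 80), (0.1, 80), (0.2, 80), (0.3, 80),
                      (0.4, 80),   # dropped by the observer
                      (1.4, 80),   # application-level retry, same size
                      (1.5, 80), (1.6, 80)]


def inter_arrival_gaps(trace):
    """Seconds between consecutive observed packets."""
    times = [t for t, _ in trace]
    return [later - earlier for earlier, later in zip(times, times[1:])]


def classify(trace, drop_index, stall_factor=2.5):
    """Classify the flow from its reaction to dropping trace[drop_index].

    Returns (verdict, stall_seconds, same_size).  'tcp-like' means the next
    packet arrived only after a stall of at least stall_factor times the
    pre-drop median gap and had the same size as the dropped packet, which is
    what a timer-driven retransmission looks like.  Anything else is
    'udp-like'.  The heuristic cannot tell TCP from an application that
    retransmits over UDP (see UDP_WITH_APP_RETRY).
    """
    if not 1 <= drop_index < len(trace) - 1:
        raise ValueError("need observed packets on both sides of the drop")
    # Baseline cadence from the packets up to and including the dropped one.
    baseline = median(inter_arrival_gaps(trace[: drop_index + 1]))
    dropped_time, dropped_size = trace[drop_index]
    next_time, next_size = trace[drop_index + 1]
    stall = next_time - dropped_time
    stalled = stall >= stall_factor * baseline
    same_size = next_size == dropped_size
    verdict = "tcp-like" if stalled and same_size else "udp-like"
    return verdict, round(stall, 3), same_size


def run_all():
    """Classify every constructed trace; returns {name: verdict}."""
    return {
        "TCP_LIKE": classify(TCP_LIKE, 4)[0],
        "UDP_LIKE": classify(UDP_LIKE, 20)[0],
        "UDP_WITH_APP_RETRY": classify(UDP_WITH_APP_RETRY, 4)[0],
    }


if __name__ == "__main__":
    for name, verdict in run_all().items():
        print(f"{name}: {verdict}")
```

The stall threshold (2.5 times the pre-drop median gap) is an arbitrary choice for the constructed traces; against real traffic the observer would need several induced drops to see the RTO backoff pattern Perry alludes to, and a UDP application with its own retry timer would still pass as TCP-like, which is exactly Gary's objection.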

Gary Howland wrote:
| Adam Shostack wrote:
| > Loren James Rittle wrote:
| > | >Most
| > | >presumably use a mix of a UDP data connection and tcp for control
| > | >functions.
| > |
| > | OK, everything after the IP header is encrypted. I don't even know
| > | which protocol is in use.
| >
| > Are you willing to play Mallet? Drop IP packets, and look for
| > duplicates. Those are TCP. (IPSEC might handle this, but I bet there
| > will be broken implementations that save time by resending.)
|
| Are you saying UDP protocols don't retransmit un-acked packets?
| If not, then you can't be sure the duplicates are TCP.

Err, yes. That's the point of UDP; it's unreliable and has no
acknowledgement.

"The User Datagram Protocol uses the underlying Internet Protocol to
transport a message from one machine to another, and provides the same
unreliable, connectionless datagram delivery semantics as IP." (Comer,
11.3)

Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
participants (3)
-
Adam Shostack
-
Gary Howland
-
Perry E. Metzger