TruePath | 3 years ago

Maybe I'm missing something, but this seems pretty brittle to me. From what I can tell, since the decryption key is entirely derived from the information in the PSP header (SA/SPI), a bad actor who observes PSP-encrypted packets from some other sender can simply copy that inner packet and the target machine will decrypt it as if it came from that sender.

The document acknowledges this but basically leaves it to other aspects of the network stack to defend against this (maybe there is some extra protection provided by the ICV check). Google's stack seems carefully designed to be secure in this way but it feels brittle.

Wouldn't it have been better to require a checksum of some of the exterior headers (source IP??) inside the encrypted section to block attempts to repackage the same encrypted content inside another packet? Or is that somewhere in there and I'm missing it?

No comments yet.
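
A toy model of the design the comment describes and of the binding it proposes, added here as an example (it is not from the comment or from the PSP specification): the receiver derives the key from the SPI alone, and the outer source IP is optionally included in the AES-GCM associated data. The HMAC-based key derivation, field layout, addresses and helper names are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed value for this toy model; it does not come from the PSP specification.
const MASTER_KEY = Buffer.alloc(32, 7);

// Receiver derives the per-association key from the SPI alone (HMAC is a stand-in KDF).
function deriveKey(spi) {
  return crypto.createHmac("sha256", MASTER_KEY).update(spi).digest().subarray(0, 16);
}

// The AAD always covers the inner header (SPI + IV); optionally the outer source IP too.
function aad(spi, iv, srcIp, bindSrc) {
  return Buffer.concat([spi, iv, bindSrc ? Buffer.from(srcIp) : Buffer.alloc(0)]);
}

function seal(srcIp, spi, iv, payload, bindSrc) {
  const c = crypto.createCipheriv("aes-128-gcm", deriveKey(spi), iv);
  c.setAAD(aad(spi, iv, srcIp, bindSrc));
  const ct = Buffer.concat([c.update(payload), c.final()]);
  return { srcIp, spi, iv, ct, icv: c.getAuthTag() };
}

// Returns the plaintext, or null when the ICV check fails.
function open(pkt, bindSrc) {
  const d = crypto.createDecipheriv("aes-128-gcm", deriveKey(pkt.spi), pkt.iv);
  d.setAAD(aad(pkt.spi, pkt.iv, pkt.srcIp, bindSrc));
  d.setAuthTag(pkt.icv);
  try {
    return Buffer.concat([d.update(pkt.ct), d.final()]).toString();
  } catch {
    return null;
  }
}

// The same inner packet carried under a different outer source address (constructed).
function rewrap(pkt, newSrcIp) {
  return { ...pkt, srcIp: newSrcIp };
}

function demo(bindSrc) {
  const spi = Buffer.from("00000a01", "hex");
  const iv = Buffer.alloc(12, 1);
  const original = seal("10.0.0.5", spi, iv, Buffer.from("hello"), bindSrc);
  return { direct: open(original, bindSrc), rewrapped: open(rewrap(original, "10.0.0.99"), bindSrc) };
}
```

`demo(false)` accepts the re-wrapped packet because nothing authenticated refers to the outer header; `demo(true)` rejects it at the ICV check.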