Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/Notes)

[Pekka Nikander <pekka.nikander@nomadiclab.com>]

marcelo bagnulo wrote:
> > It is a know deficiency in the current HIP spec that it does not
> > directly support non-protected traffic.  However, if unencrypted,
> > non-integrity protected ESP was allowed, one could use the SPI
> > in the ESP header as a kind of condensed identifier, without
> > any cryptographic protection.
> I am not so sure.
> I would say that inlcuding unprotected identifiers instead of unprotected
> locators is weaker, since locators are somehow verified by the routing
> system and ingress filtering and identifiers (as currenlty proposed) are not
> verified. I mean, it would be trivial to impersonate an identifier, since
> the packet would be routed using the locator (this is not the case if
> locator and identifier are the same). Am i missing something?
Using an unprotected identifier (or a pointer to a cached
identifier) allows an attacker to send packets that may
be delivered to a wrong socket.  I don't see anything new there.

Allowing an unprotected packet to set up or change
identifier -> locator mapping seems to be dangerous.

Return routability based on a cryptographic challenge-response
that binds the different addresses genuinely together looks
like a secure enough solution.  However, it is hard to
implement in fewer than 3-4 messages (1.5 to two round trips)
without opening a resource exhaustion danger at the passive end.
An IP layer resource exhaustion attack would be more severe
than a TCP layer one, IMHO.

--Pekka Nikander