
Re: FCC & Internet phones




Gary Howland writes:
> Adam Shostack wrote:
> > 
> >         Are you willing to play Mallet?  Drop IP packets, and look for
> > duplicates.  Those are TCP.  (IPSEC might handle this, but I bet there
> > will be broken implementations that save time by resending.)

Since the TCP and IP layers are not the same, this won't happen. The
retransmit occurs at the TCP layer and the IP layer will re-encrypt
with a new initialization vector.

> Are you saying UDP protocols don't retransmit un-acked packets?
> If not, then you can't be sure the duplicates are TCP.

Also true. Plus there are IPSEC transforms being talked about that
will put in replay elimination, so I doubt this is going to be a
problem.

On the other hand, you can detect TCP packets pretty easily by timing
them. They will usually follow a nice Van J. algorithm profile.

Perry
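
The re-encryption point in the reply above, as an added example that is not part of the original message: a retransmitted segment encrypted under a fresh IV looks like new ciphertext to an on-path observer, while a hypothetical implementation that resends cached ciphertext exposes the duplicates. The cipher is a toy stand-in built from HMAC-SHA256, not a real IPsec transform, and the key, class names and segments are constructed for the illustration.

```python
import hashlib, hmac, os
from collections import Counter

KEY = b"constructed-demo-key"  # constructed sample key

def keystream_xor(key, iv, data):
    """Toy stand-in cipher (HMAC-SHA256 in counter mode), not a real IPsec transform."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

class FreshIvEncapsulator:
    """Encrypts every outgoing packet under a new random IV."""
    def encapsulate(self, packet):
        iv = os.urandom(16)
        return iv + keystream_xor(KEY, iv, packet)

class CachingEncapsulator(FreshIvEncapsulator):
    """Hypothetical shortcut: reuse the stored ciphertext for a packet seen before."""
    def __init__(self):
        self.cache = {}
    def encapsulate(self, packet):
        if packet not in self.cache:
            self.cache[packet] = super().encapsulate(packet)
        return self.cache[packet]

def duplicates_seen_on_wire(encapsulator, segments, dropped):
    """Send each segment; those in `dropped` are lost once and retransmitted.
    Returns how many distinct ciphertexts the observer sees more than once."""
    wire = []
    for seq, payload in enumerate(segments):
        packet = seq.to_bytes(4, "big") + payload  # constructed stand-in for a TCP segment
        wire.append(encapsulator.encapsulate(packet))
        if seq in dropped:  # no ACK arrives, so the transport layer sends it again
            wire.append(encapsulator.encapsulate(packet))
    counts = Counter(wire)
    return sum(1 for seen in counts.values() if seen > 1)

SEGMENTS = [b"segment-%d" % i for i in range(6)]  # constructed sample payloads

if __name__ == "__main__":
    print("fresh IV:", duplicates_seen_on_wire(FreshIvEncapsulator(), SEGMENTS, {1, 4}))
    print("cached  :", duplicates_seen_on_wire(CachingEncapsulator(), SEGMENTS, {1, 4}))
```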