[e2e] purpose of pseudo header in TCP checksum

[Vadim Antonov]

On Wed, 16 Feb 2005, Joe Touch wrote:

> Security at each layer is designed for a different purpose.
> 
> The only way to secure the network layer information (used at the 
> network layer (e.g., for forwarding) and transport - for connection 
> demuxing) is to secure the network layer header. No amount of 
> application layer protection works there, unless you terminate the app 
> layer at each hop and forward there (e.g., P2P). Are you proposing that?

I propose doing security at the appropriate layer.  Data encryption is 
appropriate at the application-to-application layer, not at the 
network-to-network (or even host-to-host) layer.

Of course, some paranoid people encrypt data at both network and 
application layers, but this does not increase security much.

> Sure, you can require only security at the app layer, which means that 
> layer is going to get a lot of junk misforwarded and mis-demuxed that it 
> has to invest effort - at the routers and the endstations - processing. 
> Security at other layers helps winnow that junk before it consumes that 
> effort inappropriately.

Misrouted or mis-demuxed junk means only that the routing
equipment/software is broken.  Working equipment doesn't do that,
generally, and it never was a problem, if the routers or switches
themselves aren't compromised (and when an end-host OS is compromised
you've got problems way more serious than some additional junk in the
network traffic).

> Security at any ONE layer is doomed. Security is a multilayer issue; 
> always has been. We can always talk, in the context of multilayer 
> security, at what layer to address a given vulnerability.

Of course, but what you need at the network layer is integrity and 
security of routing information and router OSes, not the 
integrity/security of user data.

This is because data encryption in the network (not at end-points) leaves 
traffic vulnerable to the snooping or modification by network 
administrators, who (in most cases) aren't in the same group as service 
users, and, therefore, have different trustworthiness profile.  On the 
other hand, they are in control of network routing, so protection of 
routing infrastructure is appropriately done at the network layer.

What network layer can do for e2e security is to provide some support for
resistance to flooding attacks.  Unfortunately, encryption is exactly the
wrong way to achieve that, because it takes more resources to handle an
encrypted packet, and the whole point of flooding DoS attack is to exhaust
resources of a target system.

VPNs don't do anything to protect routing information, and don't do 
anything to handle flooding attacks. They mostly create an illusion of 
network security, distracting people from addressing the real security 
threats.

--vadim