
RE: Re: Encapsulation vs options



On Dec 4, 13:12, "Donald E. Eastlake, III, LJO2/I4 +1 508 486 2358  wrote:
> Subject: RE: Re: Encapsulation vs options
>Ran,
>
>I can't conceive of why someone would think you couldn't design an option.
>Just take all the fields in an encapsulating protocol header and stuff them
>into an option and there you are.

...

>-- End of excerpt from "Donald E. Eastlake, III, LJO2/I4 +1 508 486 2358

  There are pretty small limits on the total number of bytes that may be used
for options in an IPv4 packet.  This is one potential obstacle.

  A real security option might or might not be practical, desirable, or
whatever.  Certainly Phil Karn says he doesn't consider it desirable (am I
paraphrasing correctly? :-).  I personally think an option might be nice for
the vast majority of folks who aren't currently concerned about
confidentiality but would like some protection against bogus ICMP or similar
attacks.

  An option clearly isn't the main focus here, but I think it would be nice if
it were considered in the background using whatever mechanisms are devised
for the encapsulating protocol that really IS the main effort here.

 Ran
atkinson@itd.nrl.navy.mil