
Re: IVs and IDENTs



>I've been wondering if there isn't some way we could put in header
>compression in such instances -- after all, the two ends of the
>encrypting tunnel are effectively a point to point link.

Not really. Tunneled packets are susceptible to out of order delivery
or outright loss when they are carried over the Internet. VJ header
compression can tolerate a little of the latter, but it breaks
completely when it encounters the former.

And yes, you could tunnel across a TCP connection. But now that TCP
connection is vulnerable to all sorts of active attacks that we're
trying to guard against with IPSEC in the first place.

Phil


