
Re: Comments on latest IPSP drafts



> Hilarie Orman said:

> In our prototyping of an IP security layer, we approached this by
> having the sender's query for the MTU be intercepted by the security
> layer, which subtracts the header lengths from the actual network MTU.
> The sender thus learns how much payload is available.

This is a good idea and should be mentioned in the draft.  Of course it
doesn't help for applications that don't query for the MTU size....

> The implementation of security as a layer makes the frag/reassembly
> constraint natural and obvious.

The "security as a layer" concept is also not discussed in the draft.
It seems to me that IPSEC is more than just another layer if an
implementation includes packet filtering and forwarding as well as
IPSEC processing.