[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ports in the clear...

To: Ran Atkinson <rja@cisco.com>
Subject: Re: ports in the clear...
From: Greg Minshall <minshall@ipsilon.com>
Date: Mon, 22 Apr 1996 17:16:22 -0700
Cc: ipsec@TIS.COM
In-Reply-To: Your message of "Mon, 22 Apr 1996 15:52:26 PDT." <199604222252.PAA27485@puli.cisco.com>
Sender: ipsec-approval@neptune.tis.com

Ran,

> Your unstated reason is that it relates to how the Ipsilon product works
> and that won't persuade me either.  

Foo.  I'm fairly principled; my discomfort with hiding the port numbers 
predates Ipsilon.  (But, you are right that this would also make some of our 
stuff easier in operational networks.)  [But, maybe you didn't mean this 
statement to be for public consumption?]

> Nothing says that users must use encryption.  If they choose to do so,
> then they ought not have their ports and ULP identifier in cleartext.

I guess i don't know any argument from first principles that says what should, 
and what shouldn't, be in the clear (except that it's clear that people want 
their telnet passwords and their payroll data, etc., to be encrypted).  If, 
for example, ports and ULP were in the IPng header (sort of like in XNS), then 
one might not think of encrypting them (thinking of them as part of the 
"address").

Greg

References:

Re: ports in the clear...

From: Ran Atkinson <rja@cisco.com>

Prev by Date: ports in the clear...
Next by Date: Re: ports in the clear...
Prev by thread: Re: ports in the clear...
Next by thread: Re: ports in the clear...
Index(es):
- Main
- Thread