
Re: ports in the clear...



In a galaxy far, far away, : Mon, 22 Apr 1996 21:05:39 EDT
> Believe it or not, you'd be surprised how many bean counters there
> are in this world. People want to account for data flows.

  If people want to account for traffic flow, then they should reject
attempts to send encrypted packets through. 
  Simple. 
  The whole point of encrypted traffic flow is to keep information private. 
Otherwise, people who want privacy will just build tunnels, there will be no
port numbers to see, and the bean counters will just be back where they 
started, only they'll be paying an extra IP header per packet.
  The existence of ESP headers will not likely cause all the traffic to
become encrypted. I doubt AH headers will be that common for typical 
http access. HTTP is expensive enough as it is...
  If you want to count bytes, then buy a device that supports IPsec. Firewalls
are examples of such a device. 
  I proposed one method that a firewall could interact with IPsec in 
draft-richardson-ipsec-aft-00.txt. I'm less convinced that this is the way to 
do it now than a month ago, though.


-- 
      mcr@milkyway.com       |     Milkyway Networks Corporation <http://www.milkyway.com/>
   Michael C. Richardson     |   Makers of the Black Hole firewall
 Senior Research Specialist  | info@milkyway.com for BlackHole questions
 Home: mcr@sandelman.ocunix.on.ca <http://www.sandelman.ocunix.on.ca/People/Michael_Richardson/Bio.html>
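
The message's point about what a byte counter can still see, as an added example that is not part of the original message or of any IPsec implementation: the same TCP segment sent in the clear, under transport-style ESP, and through an ESP tunnel between two gateways. The addresses, SPIs, helper names and the simplified ESP body (SPI plus placeholder bytes) are all assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

PROTO_NAMES = {6: "TCP", 17: "UDP", 50: "ESP"}  # IANA protocol numbers

def ipv4(src, dst, proto, payload):
    """Constructed sample data: 20-byte IPv4 header (checksum left at 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def fake_esp(spi, inner):
    """Simplified ESP body: 4-byte SPI, then opaque bytes standing in for
    ciphertext (XOR is a placeholder, not encryption; no IV, padding or ICV)."""
    return struct.pack("!I", spi) + bytes(b ^ 0xA5 for b in inner)

def visible(pkt):
    """Flow key an on-path byte counter without keys can derive from one packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl + 4:
        raise ValueError("not a usable IPv4 packet")
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    name = PROTO_NAMES.get(pkt[9], str(pkt[9]))
    body = pkt[ihl:]
    if name in ("TCP", "UDP"):
        return (src, dst, name, struct.unpack("!HH", body[:4]))  # (sport, dport)
    if name == "ESP":
        return (src, dst, name, struct.unpack("!I", body[:4])[0])  # SPI only
    return (src, dst, name, None)

def account(packets):
    """Sum IP bytes per visible flow key."""
    totals = {}
    for p in packets:
        totals[visible(p)] = totals.get(visible(p), 0) + len(p)
    return totals

# Constructed traffic: the same TCP segment sent three ways.
tcp = struct.pack("!HHIIHHHH", 40000, 80, 0, 0, 0x5000, 8192, 0, 0) + b"GET / HTTP/1.0\r\n\r\n"
clear = ipv4("10.1.1.5", "192.0.2.80", 6, tcp)
transport = ipv4("10.1.1.5", "192.0.2.80", 50, fake_esp(0x1001, tcp))
tunnel = ipv4("198.51.100.1", "203.0.113.1", 50, fake_esp(0x2002, clear))

if __name__ == "__main__":
    for key, nbytes in account([clear, transport, tunnel]).items():
        print(key, nbytes)
```

In the tunnel case the counter sees only the gateway addresses and an SPI, and the packet is one IP header (20 bytes) larger than the transport-style packet carrying the same segment.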
