ESP over TCP?
Greg,

>I guess I'm not convinced that a priori it is necessary to require that ESP
>cover up the protocol/ports.

ESP is simple because it "encapsulates" the payload. Exposing port numbers is
a very bad idea because it violates implementation layering, it violates some
security policies, it is transport layer specific, etc. QOS is another issue
and could be addressed in a variety of ways.

If you have requirements for a better encapsulation protocol over TCP, would
ESP over TCP work?

Paul
--------------------------------------------------------------
Paul Lambert Director of Security Products
Oracle Corporation Phone: (415) 506-0370
500 Oracle Parkway, Box 659410 Fax: (415) 413-2963
Redwood Shores, CA 94065 palamber@us.oracle.com
--------------------------------------------------------------