ESP over TCP?




 
Greg,  
  
>I guess I'm not convinced that a priori it is necessary to require that ESP
>cover up the protocol/ports.
  
ESP is simple because it "encapsulates" the payload. Exposing port numbers is 
a very bad idea because it violates implementation layering, it violates some 
security policies, it is transport layer specific, etc.  QOS is another issue 
and could be addressed in a variety of ways.  
  
If you have requirements for a better encapsulation protocol over TCP, would 
ESP over TCP work?  
  
Paul  
  
--------------------------------------------------------------  
Paul Lambert                     Director of Security Products  
Oracle Corporation                       Phone: (415) 506-0370  
500 Oracle Parkway, Box 659410             Fax: (415) 413-2963  
Redwood Shores, CA  94065               palamber@us.oracle.com  
--------------------------------------------------------------