
Re: IPsec and TCP



Hmm.  Pushing "sane" support for handling SOURCE QUENCH to end systems
probably involves changing the host's IP stack.  If you're going to go
to that much trouble, why not just implement ESP/AH in the end systems? :-).

Seriously, I suspect that it shouldn't be too big a deal for a smart
encrypting router to figure out how to squish duplicate TCP segments
out of its "waiting for SA" queue.... yes, it's a "layering
violation" of sorts, but so's header compression.

					- Bill

