[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC and TCP headers

To: tomh@cs.berkeley.edu
Subject: Re: IPSEC and TCP headers
From: Steve Bellovin <smb@research.att.com>
Date: Mon, 05 Jan 1998 08:25:46 -0500
cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

	 Such an approach would allow various strategies aimed at
	 improving TCP performance over challenging network segments
	 (e.g., TCP snoop) to be deployed in a transit network,
	 particularly wireless networks.  While such an approach might
	 leave flows vulnerable to malicious TCP spoofing, if
	 additional security measures were adopted by the wireless
	 network to eliminate unauthorized spoofing, this method would
	 be useful.

	 Has the group considered this approach before (I could not
	 find discussion of it on the list archive or the internet
	 drafts)?

As you note, there are security risks from doing so.  Moreover, there
are other protocols, notably TLS (aka SSL) that do what you want.
I personally don't see the need for an IPSEC variant that would
compete with TLS.

Prev by Date: IPSEC and TCP headers
Next by Date: Re: Results of the IPSEC document reading party
Prev by thread: Re: IPSEC and TCP headers
Next by thread: Re: Results of the IPSEC document reading party
Index(es):
- Main
- Thread