[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC and TCP headers
Such an approach would allow various strategies aimed at
improving TCP performance over challenging network segments
(e.g., TCP snoop) to be deployed in a transit network,
particularly wireless networks. While such an approach might
leave flows vulnerable to malicious TCP spoofing, if
additional security measures were adopted by the wireless
network to eliminate unauthorized spoofing, this method would
be useful.
Has the group considered this approach before (I could not
find discussion of it on the list archive or the internet
drafts)?
As you note, there are security risks from doing so. Moreover, there
are other protocols, notably TLS (aka SSL) that do what you want.
I personally don't see the need for an IPSEC variant that would
compete with TLS.