[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: some issues about IPSec

To: "C. Harald Koch" <chk@utcc.utoronto.ca>
Subject: Re: some issues about IPSec
From: Steve Bellovin <smb@research.att.com>
Date: Mon, 26 Jan 1998 15:47:17 -0500
cc: Charles Lynn <clynn@bbn.com>, ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

> > Have you heard about the suggestions
> > to help the scaling and autoconfiguration problem by having routers
> > rewrite IP addresses as the packets pass by?
> 
> I've heard such things. Most of the routing people I trust haven't mentioned
> support for this idea, so I doubt it will fly. Also, there are many protocols
> being actively deployed these days that embed IP addresses in packets (much
> to the annoyance of us firewall developers). Anything that re-writes
> addresses on the fly is going to break some popular but undocumented
> internet phone or video conferencing protocol, and millions of users will
> scream.

This is primarily an IPv6 idea.  And if it "passed", it would apply to
the high-order 64 bits (or thereabouts) of an address; the low-order 64
bits would remain untouched.

Prev by Date: Re: some issues about IPSec
Next by Date: ANX interoperability
Prev by thread: Re: some issues about IPSec
Next by thread: Some Questions
Index(es):
- Main
- Thread