Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

[Robert Moskowitz <rgm-sec@htt-consult.com>]

At 11:10 PM 3/26/98 -0800, Phil Karn wrote:
>
>In such "tunnel" configurations, the packets are still available in
>plaintext within the private networks, where they can be monitored and
>debugged by the operators of those networks. Similarly, any
>information needed by the subnet's internal and border routers for
>traffic classification is still available.  Only the external, public
>part of the path is encrypted.

Many of my network security colleagues look at this as a short-term interim
item.  End-to-end is where we want to go.  This makes some interesting
challenges for addressing (I got to see what the NAT people are going to
say about IPsec...).


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com

---

References:

• RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• From: JGC <jgc@optimal.com>
• Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• From: Phil Karn <karn@qualcomm.com>

---

• Prev by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Next by Date: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Prev by thread: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Next by thread: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Index(es):
  • Main
  • Thread