[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: transport-friendly ESP

To: Steve Bellovin <smb@research.att.com>
Subject: Re: transport-friendly ESP
From: Stephen Kent <kent@bbn.com>
Date: Fri, 29 Jan 1999 16:08:14 -0500
Cc: ipsec@tis.com
In-Reply-To: <199901280234.VAA03373@smb.research.att.com>
Sender: owner-ipsec@ex.tis.com

Steve,

As you and I discussed after the last IPsec WG meeting in Orlando, I am
concerned by the possible adverse consqeunces of this approach to
"cheating" with what purports to be an IP layer security protocol.  I'd
rather offer ways of creating copies of pre-defined transport layer
protocol information for access outside of the ESP protection boundary.  A
moveable window of the sort you descibe could be misconfigured and allow
substantial amounts of data to be transmitted in plaintext form.  In
contrast, if we provide a means of carrying a plaingtext copy of selected
transport layer info outside of the ESP payload, we can limit the damage
that misconfiguration (bening or malicious) might inflict.

Steve

References:

transport-friendly ESP

From: Steve Bellovin <smb@research.att.com>

Prev by Date: Re: transport-friendly ESP
Next by Date: RE: New IPSec Monitoring MIB draft
Prev by thread: Re: transport-friendly ESP - use the dedicated list!
Next by thread: Re: transport-friendly ESP
Index(es):
- Main
- Thread