Re: TOS copying considered harmful
Mike,
>What I don't understand is how this differs from
>plain old DSCP remapping that can happen for any
>u-flow or aggregated flow on any incoming/outgoing
>interface.
>
>If you look at a tunnel as a virtual interface,
>I don't think that IPsec needs to recommend much
>of anything other than noting the traffic analysis
>as a potential consideration when deciding how to
>remark traffic.
IPsec is a security protocol, thus it is appropriate for it to
include explicit controls when security-relevant mapping takes place
relevant to a tunnel. By the way, it's not traffic analysis per se
that is the major concern. The concern is that a Trojan Horse
"behind" the IPsec implementation uses the TOS field to exfiltrate
data.
Steve
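
An added illustration, not part of the original message or of any IPsec implementation: a model of how the tunnel's outer-header TOS policy bounds what an observer outside the tunnel can read from that field. The policy names (`copy`, `fixed`, `map`), the function names and the sample mapping table are assumptions made for this example.

```python
import math

# Assumed policy names for this illustration only.
COPY, FIXED, MAP = "copy", "fixed", "map"

def outer_tos(inner_tos, policy, fixed_value=0x00, mapping=None, default=0x00):
    """Return the TOS byte the gateway writes into the outer (tunnel) header."""
    if not 0 <= inner_tos <= 0xFF:
        raise ValueError("TOS is a single byte")
    if policy == COPY:
        # Inner value passes through unchanged: the host behind the
        # gateway fully controls the cleartext outer field.
        return inner_tos
    if policy == FIXED:
        # Gateway ignores the inner value entirely.
        return fixed_value
    if policy == MAP:
        # Explicit table keyed on the inner DSCP (upper six bits);
        # anything not listed collapses to the default.
        return (mapping or {}).get(inner_tos >> 2, default)
    raise ValueError(f"unknown policy: {policy!r}")

def visible_bits_per_packet(inner_values, policy, **kwargs):
    """Upper bound on bits per packet readable from the outer TOS byte:
    log2 of the number of distinct outer values the policy lets through."""
    distinct = {outer_tos(v, policy, **kwargs) for v in inner_values}
    return math.log2(len(distinct))

# Constructed input: a host behind the gateway that may emit any TOS byte.
ANY_INNER = range(256)

# Constructed mapping: preserve only DSCP 46 (EF) and DSCP 10 (AF11).
SAMPLE_MAP = {46: 0xB8, 10: 0x28}

if __name__ == "__main__":
    for policy, kwargs in (
        (COPY, {}),
        (FIXED, {"fixed_value": 0x00}),
        (MAP, {"mapping": SAMPLE_MAP}),
    ):
        bits = visible_bits_per_packet(ANY_INNER, policy, **kwargs)
        print(f"{policy:5s} -> at most {bits:.2f} bits/packet visible outside the tunnel")
```

Under this model, straight copying leaves all 8 bits under the inner host's control, while an explicit mapping table shrinks the set of outer values to the ones the administrator chose to allow.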