
Re: TOS copying considered harmful



Mike,

>What I don't understand is how this differs from
>plain old DSCP remapping that can happen for any
>u-flow or aggregated flow on any incoming/outgoing
>interface.
>
>If you look at a tunnel as a virtual interface,
>I don't think that IPsec needs to recommend much
>of anything other than noting the traffic analysis
>as a potential consideration when deciding how to
>remark traffic.

IPsec is a security protocol, thus it is appropriate for it to 
include explicit controls when security-relevant mapping takes place 
relevant to a tunnel. By the way, it's not traffic analysis per se 
that is the major concern. The concern is that a Trojan Horse 
"behind" the IPsec implementation uses the TOS field to exfiltrate 
data.

Steve
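To make the "explicit control" in Steve's reply concrete, here is an added Python model of how a tunnel-mode SA could derive the outer-header DSCP from a per-SA policy rather than copying the inner value, together with an audit of how many distinct outer markings an inner host can cause under each policy. This is example code written for this page, not code from the thread or from any IPsec implementation; the policy names and the TunnelSA structure are assumptions, and only the six DSCP bits are modelled (ECN handling is out of scope).

```python
import math
from dataclasses import dataclass, field
from typing import Dict

# Hypothetical policy names for how the outer DSCP is chosen (assumption).
COPY, FIXED, MAP = "copy", "fixed", "map"


@dataclass
class TunnelSA:
    """Per-SA policy for the DS field of the outer (tunnel) IP header."""
    spi: int
    dscp_policy: str = FIXED
    fixed_dscp: int = 0                                        # FIXED: constant marking
    dscp_map: Dict[int, int] = field(default_factory=dict)     # MAP: inner -> outer
    default_dscp: int = 0                                      # MAP: fallback for unlisted values


def outer_dscp(inner_dscp: int, sa: TunnelSA) -> int:
    """Return the DSCP written into the outer header for one inner packet."""
    if not 0 <= inner_dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if sa.dscp_policy == COPY:
        return inner_dscp                       # inner host fully controls the outer marking
    if sa.dscp_policy == FIXED:
        return sa.fixed_dscp                    # outer marking independent of inner traffic
    if sa.dscp_policy == MAP:
        return sa.dscp_map.get(inner_dscp, sa.default_dscp)   # only allow-listed classes survive
    raise ValueError(f"unknown DSCP policy {sa.dscp_policy!r}")


def inner_controlled_values(sa: TunnelSA) -> int:
    """Count the distinct outer DSCP values an inner sender can produce on this SA.

    1 means the outer marking carries nothing chosen by the host behind the gateway."""
    return len({outer_dscp(d, sa) for d in range(64)})


def inner_controlled_bits(sa: TunnelSA) -> float:
    """Bits per packet of outer-header marking selectable from inside the tunnel."""
    return math.log2(inner_controlled_values(sa))


if __name__ == "__main__":
    # Constructed SAs for comparison: blind copy, fixed marking, two-class map.
    for sa in (TunnelSA(0x1001, COPY),
               TunnelSA(0x1002, FIXED, fixed_dscp=0),
               TunnelSA(0x1003, MAP, dscp_map={46: 46}, default_dscp=0)):
        print(f"SPI {sa.spi:#x} policy={sa.dscp_policy:<5} "
              f"inner-selectable bits/packet={inner_controlled_bits(sa):.1f}")
```

The audit is the check a gateway administrator can run over an SA database: any SA whose policy yields more than one selectable value is a place where remarking decisions, not just traffic analysis, deserve attention.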
