
Re: TOS copying considered harmful



On Fri, 15 Sep 2000, Joe Touch wrote:
> > RFC 2401 is quite careful to say that IPsec tunneling is "modeled after"
> > 2003 tunneling, not that it *is* 2003 tunneling.
> 
> ...At the least, the differences should be highlighted,
> and the reasons for the differences described and justified.
> It isn't clear there is the need for a separate system here.

I suspect there is... but I agree that the justification needs to be
made explicit.

> > Why is an update to 2003 required? ...
> 
> Tunneling is tunneling.  If there is a reason for allowing the DF
> bit to be cleared, or for using different TOS bits in IPSEC, there
> may be equivalent reasons for allowing them in 2003.

The presence of encryption makes a fundamental difference.  2003, which
sends the inner header in cleartext, does not have these concerns. 

> Having two specifications for packets with protocol type 4 inside IP
> should be avoided if at all possible.

Now this I agree with.  Especially since the IPsec RFCs themselves seem to
be very confused about this.

2401 is where IPsec tunneling is defined and discussed... but just *try*
to find mention in it of which protocol number should be used.  (It is
alluded to in a couple of footnotes addressing other matters, but is never
explicitly defined.)

Over in 2406, defining ESP, it says most explicitly that the Next Header
field is interpreted as in "Assigned Numbers"... but Assigned Numbers says
that protocol number 4 is assigned to RFC 2003, period.  Not to some other
protocol "modeled after" 2003. 

                                                          Henry Spencer
                                                       henry@spsystems.net
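An added illustration of the point at issue in this exchange (it is not part of either message and is not code from any IPsec implementation): a small IP-in-IP encapsulator that builds the outer IPv4 header with protocol number 4 and either copies the inner TOS and DF values into it, in the style of RFC 2003, or uses fixed values. Once the inner packet is encrypted, an on-path observer only sees the outer header, so copied TOS and DF bits become the one thing that still distinguishes inner flows; the fixed-value branch is a conservative policy assumed for the example, not the RFCs' exact rules. Sample packets, addresses and TOS values are constructed for the demonstration.

```python
"""Illustration of outer-header construction for an IP-in-IP tunnel and of
why copying inner TOS/DF matters once the inner header is encrypted.
Added example; not from the mailing-list thread or any IPsec stack."""
import socket
import struct

IPPROTO_IPIP = 4    # "protocol type 4": IP-in-IP, assigned to RFC 2003
IP_DF = 0x4000      # Don't Fragment flag in the flags/fragment-offset word


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header bytes (0 for a valid header)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, proto, tos, df, payload_len, ttl=64, ident=0):
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    flags_frag = IP_DF if df else 0
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, tos, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fields of a 20-byte IPv4 header."""
    (_vihl, tos, total_len, _ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"tos": tos, "df": bool(flags_frag & IP_DF), "proto": proto,
            "ttl": ttl, "total_len": total_len,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}


def encapsulate(inner: bytes, tun_src: str, tun_dst: str, copy_inner: bool) -> bytes:
    """Wrap an inner IPv4 packet in an outer IPv4 header carrying protocol 4.

    copy_inner=True  mirrors RFC 2003 style behaviour: outer TOS and DF are
                     copied from the inner header.
    copy_inner=False is the conservative policy assumed for an encrypting
                     tunnel (an assumption of this example, not the RFCs'
                     wording): fixed TOS and DF clear, so the outer header
                     says nothing about the packet inside.
    """
    inner_hdr = parse_ipv4_header(inner)
    if copy_inner:
        tos, df = inner_hdr["tos"], inner_hdr["df"]
    else:
        tos, df = 0, False
    outer = build_ipv4_header(tun_src, tun_dst, IPPROTO_IPIP, tos, df, len(inner))
    return outer + inner


def observable_fields(tunnel_pkt: bytes) -> tuple:
    """What an observer sees when the inner packet is encrypted: only the
    outer header's TOS, DF and protocol."""
    h = parse_ipv4_header(tunnel_pkt)
    return (h["tos"], h["df"], h["proto"])


def demo() -> tuple:
    """Return how many distinct outer-header profiles two inner packets
    produce under each policy: (copying, fixed)."""
    # Constructed inner packets: same endpoints, different TOS and DF.
    a = build_ipv4_header("10.0.0.1", "10.0.0.2", 17, tos=0x00, df=False, payload_len=0)
    b = build_ipv4_header("10.0.0.1", "10.0.0.2", 17, tos=0xB8, df=True, payload_len=0)
    copying = {observable_fields(encapsulate(p, "192.0.2.1", "192.0.2.2", True))
               for p in (a, b)}
    fixed = {observable_fields(encapsulate(p, "192.0.2.1", "192.0.2.2", False))
             for p in (a, b)}
    return len(copying), len(fixed)


if __name__ == "__main__":
    print("distinct outer profiles (copying, fixed):", demo())
```

Running `demo()` gives two distinct outer-header profiles when TOS and DF are copied and one when they are fixed, which is the cleartext-versus-encrypted difference the reply points to: for plain RFC 2003 tunneling the inner header is visible anyway, so copying adds nothing an observer could not already read, whereas for an encrypting tunnel the copied bits are new information about the hidden packet.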
