
Re: TOS copying considered harmful





Henry Spencer wrote:
> 
> On Fri, 15 Sep 2000, Joe Touch wrote:
> > > RFC 2401 is quite careful to say that IPsec tunneling is "modeled after"
> > > 2003 tunneling, not that it *is* 2003 tunneling.
> >
> > ...At the least, the differences should be highlighted,
> > and the reasons for the differences described and justified.
> > It isn't clear there is the need for a separate system here.
> 
> I suspect there is... but I agree that the justification needs to be
> made explicit.
> 
> > > Why is an update to 2003 required? ...
> >
> > Tunneling is tunneling.  If there is a reason for allowing the DF
> > bit to be cleared, or for using different TOS bits in IPSEC, there
> > may be equivalent reasons for allowing them in 2003.
> 
> The presence of encryption makes a fundamental difference.  2003, which
> sends the inner header in cleartext, does not have these concerns.

Doesn't IPSEC send the inner header in cleartext (in 'null' mode?) too?

> > Having two specifications for packets with protocol type 4 inside IP
> > should be avoided if at all possible.
> 
> Now this I agree with.  Especially since the IPsec RFCs themselves seem to
> be very confused about this.
> 
> 2401 is where IPsec tunneling is defined and discussed... but just *try*
> to find mention in it of which protocol number should be used.  (It is
> alluded to in a couple of footnotes addressing other matters, but is never
> explicitly defined.)
> 
> Over in 2406, defining ESP, it says most explicitly that the Next Header
> field is interpreted as in "Assigned Numbers"... but Assigned Numbers says
> that protocol number 4 is assigned to RFC 2003, period.  Not to some other
> protocol "modeled after" 2003.

To be clear, I'm saying only that:

	- if there are mods to how 2003 works, 
	  maybe an update of 2003 is useful

	- putting mods to 2003 (effectively) 
	  inside a different spec is confusing

It may be sufficient to indicate in 2003bis that DF may be cleared, but
'here are the consequences', and same for TOS changes. It can then point
to its use in IPSEC, and the redundant text can be excised from 2401bis.

Joe
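To make the DF and TOS handling the thread argues over concrete, here is an added example (not code from the thread or any IPsec implementation) that encapsulates a constructed inner IPv4 packet two ways: with RFC 2003 semantics (protocol 4, outer TOS and DF copied from the inner header) and with tunnel-mode-style semantics (protocol 50, outer TOS chosen independently, DF optionally cleared). The XOR scrambling standing in for ESP encryption and the addresses are assumptions; the point it shows is that with copy semantics the outer header still carries the inner TOS even when the inner header itself is protected.

```python
import struct

def ipv4_checksum(hdr: bytes) -> int:
    # One's-complement sum over 16-bit words (RFC 791); 0 when verifying a good header.
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(tos, ident, flags, ttl, proto, src, dst, payload):
    # Minimal 20-byte header without options; flags is the 3-bit field (0x2 = DF).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), ident,
                      flags << 13, ttl, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    _, tos, _, _, frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"tos": tos, "df": bool(frag & 0x4000), "ttl": ttl, "proto": proto,
            "src": src, "dst": dst, "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
            "payload": pkt[ihl:]}

def encap_rfc2003(inner, outer_src, outer_dst, ident=0):
    # RFC 2003 IP-in-IP: protocol 4, outer TOS copied from inner, DF copied from inner,
    # inner header sent in the clear as the payload.
    i = parse_ipv4(inner)
    return build_ipv4(i["tos"], ident, 0x2 if i["df"] else 0, 64, 4, outer_src, outer_dst, inner)

def encap_tunnel_mode(inner, outer_src, outer_dst, outer_tos, copy_df, ident=0):
    # Tunnel-mode style outer header: protocol 50 (ESP), outer TOS chosen by the tunnel
    # endpoint, DF copied or cleared by policy. The inner packet is scrambled with XOR as
    # a stand-in for ESP encryption (assumption, not real crypto).
    i = parse_ipv4(inner)
    protected = bytes(b ^ 0xAA for b in inner)
    flags = 0x2 if (copy_df and i["df"]) else 0
    return build_ipv4(outer_tos, ident, flags, 64, 50, outer_src, outer_dst, protected)

def outer_reveals_inner_tos(outer, inner):
    # True when an observer of the outer header alone learns the inner TOS byte.
    return parse_ipv4(outer)["tos"] == parse_ipv4(inner)["tos"]
```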

