Re: TOS copying considered harmful
On Fri, 15 Sep 2000, Joe Touch wrote:
> > The presence of encryption makes a fundamental difference. 2003, which
> > sends the inner header in cleartext, does not have these concerns.
>
> Doesn't IPSEC send the inner header in cleartext (in 'null' mode?) too?
Occasionally, but that is not the worst case for design purposes.
> It may be sufficient to indicate in 2003bis that DF may be cleared, but
> 'here are the consequences', and same for TOS changes. It can then point
> to its use in IPSEC, and the redundant text can be excised from 2401bis.
I think 2401bis would still have to mention it, if only to discuss the
security consequences of the different choices. (Remember, IPsec is a
*security* standard, not just an *encryption* standard -- it has to touch
all the bases and get all the details right.)
Henry Spencer
henry@spsystems.net