
Re: TOS copying considered harmful



On Fri, 15 Sep 2000, Joe Touch wrote:
> > The presence of encryption makes a fundamental difference.  2003, which
> > sends the inner header in cleartext, does not have these concerns.
> 
> Doesn't IPSEC send the inner header in cleartext (in 'null' mode?) too?

Occasionally, but that is not the worst case for design purposes.

> It may be sufficient to indicate in 2003bis that DF may be cleared, but
> 'here are the consequences', and same for TOS changes. It can then point
> to its use in IPSEC, and the redundant text can be excised from 2401bis.

I think 2401bis would still have to mention it, if only to discuss the
security consequences of the different choices.  (Remember, IPsec is a
*security* standard, not just an *encryption* standard -- it has to touch
all the bases and get all the details right.)

                                                          Henry Spencer
                                                       henry@spsystems.net


