Re: TOS copying considered harmful
Henry Spencer wrote:
>
> On Fri, 15 Sep 2000, Joe Touch wrote:
> > > The presence of encryption makes a fundamental difference. 2003, which
> > > sends the inner header in cleartext, does not have these concerns.
> >
> > Doesn't IPSEC send the inner header in cleartext (in 'null' mode?) too?
>
> Occasionally, but that is not the worst case for design purposes.
>
> > It may be sufficient to indicate in 2003bis that DF may be cleared, but
> > 'here are the consequences', and same for TOS changes. It can then point
> > to its use in IPSEC, and the redundant text can be excised from 2401bis.
>
> I think 2401bis would still have to mention it, if only to discuss the
> security consequences of the different choices. (Remember, IPsec is a
> *security* standard, not just an *encryption* standard -- it has to touch
> all the bases and get all the details right.)
Of course - it can recap the security implications of certain settings.
It would be useful to avoid otherwise re-specifying 2003bis, though.
Joe