
Re: TOS copying considered harmful





Henry Spencer wrote:
> 
> On Fri, 15 Sep 2000, Joe Touch wrote:
> > > The presence of encryption makes a fundamental difference.  2003, which
> > > sends the inner header in cleartext, does not have these concerns.
> >
> > Doesn't IPSEC send the inner header in cleartext (in 'null' mode?) too?
> 
> Occasionally, but that is not the worst case for design purposes.
> 
> > It may be sufficient to indicate in 2003bis that DF may be cleared, but
> > 'here are the consequences', and same for TOS changes. It can then point
> > to its use in IPSEC, and the redundant text can be excised from 2401bis.
> 
> I think 2401bis would still have to mention it, if only to discuss the
> security consequences of the different choices.  (Remember, IPsec is a
> *security* standard, not just an *encryption* standard -- it has to touch
> all the bases and get all the details right.)

Of course - it can recap the security implications of certain settings.
It would be useful to avoid otherwise re-specifying 2003bis, though.

Joe

