
Re: TOS copying considered harmful



>As stated in the first post of this discussion thread, besides security reasons,
>clearing the TOS field may also be required when QoS is to be applied on the path
>of the tunnel. The packet reordering may cause the anti-replay mechanism to
>reject low prio packets that were (strongly) delayed due to QoS. See
>draft-ietf-diffserv-tunnels-02.txt, section 5.1.
>This is related to ESP and AH sequence numbers, which are specific to IPSec and
>not an IP in IP encapsulation problem. This point should go to RFC2401, right?

	I don't understand the last sentence.  Why are sequence numbers the
	issue?  They are defined per SA (= unique to src, and normally
	identifies single dst), and should not matter even if we add a tunnel
	encapsulation.  Could you tell us more?

	I personally still believe that we should define tunnelling
	separately from IPsec itself (like RFC182x did), but given the way IKE
	is defined today and is used to negotiate IPsec tunnels, I think it's
	too late.

itojun
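The reordering effect the quoted paragraph refers to, as an added example that is not part of the original thread: a minimal RFC 2401-style sliding anti-replay window (the window size, the class and function names, and the arrival sequence are all assumptions constructed for illustration) fed a legitimate low-priority packet that a QoS queue held back while 100 higher-priority packets of the same SA went ahead of it.

```python
# Added example, not from the thread: RFC 2401-style anti-replay window.
# Window size and the arrival pattern below are constructed assumptions.
WINDOW_SIZE = 64  # bits; RFC 2401 requires at least 32, 64 is common

class AntiReplayWindow:
    """Receiver-side sliding window for one inbound SA."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq):
        """Return True if seq is accepted (and recorded), False if rejected."""
        if seq == 0:
            return False  # sequence number 0 is never valid on the wire
        if seq > self.top:
            # Packet is newer than anything seen: slide the window right.
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False  # too old: fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return False  # duplicate inside the window (a true replay)
        self.bitmap |= 1 << offset
        return True

def simulate(arrival_order, size=WINDOW_SIZE):
    """Feed packets in arrival order; return (seq, accepted) per packet."""
    win = AntiReplayWindow(size)
    return [(seq, win.check_and_update(seq)) for seq in arrival_order]

# Constructed arrival order: packet 5 is low priority and sits in a QoS queue
# while packets 6..106 (high priority) are delivered first. By the time 5
# arrives it is 101 behind the window top and is dropped as "too old",
# although it was never replayed.
ARRIVALS = [1, 2, 3, 4] + list(range(6, 107)) + [5]

if __name__ == "__main__":
    for seq, ok in simulate(ARRIVALS)[-3:]:
        print(seq, "accepted" if ok else "rejected")
```

A delay shorter than the window (try `simulate([1, 2, 3, 4, 6, 7, 8, 5])`) is still accepted, which is why the window size, not just the reordering, decides whether QoS and anti-replay can coexist on a tunnel.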

