
Re: TOS copying considered harmful





Olivier Kreet wrote:
> 
> Joe Touch wrote:
> [...]
> 
> > 2003bis should discuss the clearing of these bits as an option, and
> > discuss the implications of using that option, precisely because it is
> > needed, e.g., for 2401 (or 2401bis).
> >
> > Then 2401bis can refer back to 2003bis for the specification of the
> > tunnel headers, and indicate that 'clearing the bits' may be required
> > for security reasons, and that it can use exactly the header specified
> > by 2003bis.
> >
> > Joe
> 
> As stated in the first post of this discussion thread, besides security reasons,
> clearing the TOS field may also be required when QoS is to be applied on the path
> of the tunnel. The packet reordering may cause the anti-replay mechanism to
> reject low prio packets that were (strongly) delayed due to QoS. See
> draft-ietf-diffserv-tunnels-02.txt, section 5.1.
> This is related to ESP and AH sequence numbers, that are specific to IPSec and
> not an IP in IP encapsulation problem. This point should go to RFC2401, right?

That specific point, yes.

The fact that TOS may need to be cleared should go in 2003bis, including
some reference as to why, but not necessarily that level of detail.

Joe
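
Added example (not part of the original thread, and not code from any IPsec implementation): a simulation of the anti-replay interaction raised in the quoted text, comparing an outer header that copies the inner TOS with one that clears it. The 64-packet window, the traffic mix, the strict-priority hop model and all names are assumptions constructed for illustration.

```python
WINDOW = 64  # anti-replay window size in sequence numbers (assumed)


class ReplayWindow:
    """Sliding-window anti-replay check of the kind used with ESP/AH."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set means (top - i) was already accepted

    def accept(self, seq):
        if seq == 0:                        # sequence numbers start at 1
            return False
        if seq > self.top:                  # newer packet: slide the window
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:             # older than the window: rejected
            return False
        if self.bitmap & (1 << offset):     # already seen: replay
            return False
        self.bitmap |= 1 << offset
        return True


def deliver(n_packets, copy_tos):
    """Return the sequence numbers the receiver rejects."""
    # Constructed traffic: every 4th inner packet is low priority (0),
    # the rest are high priority (1). The tunnel ingress numbers them in order.
    inner = [(seq, 0 if seq % 4 == 0 else 1) for seq in range(1, n_packets + 1)]
    # Outer header TOS is either copied from the inner header or cleared.
    outer = [(seq, tos if copy_tos else 0) for seq, tos in inner]
    # Congested strict-priority hop: the whole burst is queued and the high
    # class drains first. A stable sort keeps per-class ordering intact.
    wire = sorted(outer, key=lambda p: -p[1])
    window = ReplayWindow()
    return [seq for seq, _ in wire if not window.accept(seq)]


if __name__ == "__main__":
    print("TOS copied :", len(deliver(200, True)), "packets rejected")
    print("TOS cleared:", len(deliver(200, False)), "packets rejected")
```

With the TOS copied, the low-priority packets that fall more than one window behind the newest high-priority packet are rejected as if they were replays; with the TOS cleared the tunnel is a single class and nothing is rejected.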

