[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC 2401 section 5.2.1

To: Dan Harkins <dharkins@cips.nokia.com>
Subject: Re: RFC 2401 section 5.2.1
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
Date: Mon, 27 Nov 2000 14:34:03 -0500
cc: Henry Spencer <henry@spsystems.net>, Francis Dupont <Francis.Dupont@enst-bretagne.fr>, ipsec@lists.tislabs.com, mobile-ip@standards.nortelnetworks.com
In-reply-to: Your message of "Sun, 26 Nov 2000 17:52:34 PST." <200011270152.RAA24730@potassium.network-alchemy.com>
Reply-to: sommerfeld@East.Sun.COM
Sender: owner-ipsec@lists.tislabs.com

> Obscured from whom? Don't transport mode and tunnel mode packets look
> identical to a passive evesdropper since the Next Header field is encrypted? 
> (Assuming you're not doing AH, or NULL ESP, which from your previous 
> statements seems plausible).

well, there's always traffic analysis on minimum packet lengths,
assuming that some minimum-length ack-only TCP segments will be in the
traffic mix, and ipcomp and/or more-than-minimal padding aren't in
use..

					- Bill

References:

Re: RFC 2401 section 5.2.1

From: Dan Harkins <dharkins@cips.nokia.com>

Prev by Date: Re: On transport-level policy enforcement (was Re: RFC 2401...)
Next by Date: Re: On transport-level policy enforcement (was Re: RFC 2401...)
Prev by thread: Re: RFC 2401 section 5.2.1
Next by thread: Re: RFC 2401 section 5.2.1
Index(es):
- Main
- Thread