[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec and RTP crypto



Long ago we implemented this selective use of IPsec by
permitting connections to mix protected and unprotected
traffic.  The send and receive interfaces made the level 
of protection obvious; the application layer could decide 
whether or not to accept data  for each received chunk 
(all the bytes in a chunk had the same protections).  This
allowed password protection, in particular.  It didn't seem
(at the time), that IPsec was an impediment to this usage.

Hilarie

>>> Stephen Kent <kent@bbn.com> 04/04/01 11:33AM >>>
At 12:47 PM -0400 4/4/01, Bill Sommerfeld wrote:
>  > Jeff Schiller according to Basavaraj Patil's
>>  minutes (mobile IP WG chair) quotes Jeff as saying
>>  that IPsec is not really a good fit in situations
>>  where you want to protect some of the traffic, but
>>  not all of the traffic to another host.
>
>IPsec is a poor fit when you only want to protect some traffic of a
>particular flow (e.g., only packets which contain passwords, or only
>the packets with a mobile ip binding update).

Ah, that makes sense as something Jeff might have said!

Steve


Follow-Ups: