
Re: IPsec and RTP crypto



At 7:09 PM -0400 4/4/01, Henry Spencer wrote:
>On Wed, 4 Apr 2001, Michael Thomas wrote:
>>     I seem to recall Bill Sommerfeld making similar
>>     remarks as Jeff about Sun's stack and I think
>>     I remember that Freeswan doesn't have the ability
>>     to filter off of ports yet...
>
>Correct on the FreeS/WAN part (can't answer for Sun!).  This is being
>fixed, although as Sandy commented, we belong to the faction which says
>that you are usually better off just encrypting *everything* -- if only
>because it denies useful information to the bad guys -- unless there are
>truly compelling reasons not to.
>

Port-level SPD selectors, like all other SPD entry selectors, are 
part of an access control mechanism, as described in 2401. So, even 
if one does elect to "encrypt everything" to a destination, there is 
good reason for complying with the standard in this regard.

Steve
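
[Added example, not part of the message above or of any IPsec implementation: a minimal Python model of the point about port-level selectors as access control, using the three SPD actions from RFC 2401 (apply, bypass, discard). The class and function names, the addresses, the choice of UDP port 5004 for RTP and the default-discard fallback are assumptions made for the illustration.]

```python
# Added illustration of SPD selector matching; all names are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = None  # wildcard selector value

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp", ...
    dport: int

@dataclass(frozen=True)
class SpdEntry:
    dst_net: str
    proto: object   # protocol name or ANY
    dport: object   # port number or ANY
    action: str     # "apply", "bypass" or "discard"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.dst) in ip_network(self.dst_net)
                and self.proto in (ANY, p.proto)
                and self.dport in (ANY, p.dport))

def spd_lookup(spd, pkt):
    """Ordered first-match lookup; this example discards unmatched traffic."""
    for entry in spd:
        if entry.matches(pkt):
            return entry
    return SpdEntry("0.0.0.0/0", ANY, ANY, "discard")

def inbound_check(sa_entry, pkt):
    """After decryption, the packet must still match the selectors the SA
    was set up for; a valid SA alone does not authorise arbitrary traffic."""
    return sa_entry.matches(pkt)

# Constructed policies for a peer network 192.0.2.0/24.
ENCRYPT_EVERYTHING = [SpdEntry("192.0.2.0/24", ANY, ANY, "apply")]
PORT_AWARE = [
    SpdEntry("192.0.2.0/24", "udp", 5004, "apply"),   # RTP media only
    SpdEntry("192.0.2.0/24", ANY, ANY, "discard"),    # nothing else
]

# Constructed sample packets.
rtp = Packet("198.51.100.7", "192.0.2.10", "udp", 5004)
telnet = Packet("198.51.100.7", "192.0.2.10", "tcp", 23)
```

[Both policies encrypt the RTP flow; only the port-aware one refuses the telnet packet, on outbound lookup and again on the inbound selector check.]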

