
Re: IPsec and RTP crypto



It's an application layer issue.

Hilarie

>>> "Steven M. Bellovin" <smb@research.att.com> 04/11/01 07:11PM >>>
In message <sacb25d4.084@prv-mail20.provo.novell.com>, "Hilarie Orman" writes:
>Long ago we implemented this selective use of IPsec by
>permitting connections to mix protected and unprotected
>traffic.  The send and receive interfaces made the level
>of protection obvious; the application layer could decide
>whether or not to accept data for each received chunk
>(all the bytes in a chunk had the same protections).  This
>allowed password protection, in particular.  It didn't seem
>(at the time) that IPsec was an impediment to this usage.
>

How can you do that?  It sounds like it would take some very strange 
layering, since in most stacks TCP ACKs are sent when the data is 
received, not when it's passed to the application -- and that, in turn, 
means that the sending host may have discarded some data before it 
knows if it needs to be sent with a different security level.

		--Steve Bellovin, http://www.research.att.com/~smb