Re: Traffic selectors, fragments, ICMP messages and security policy problems
On Wed, Feb 25, 2004 at 01:47:24PM -0500, Michael Richardson wrote:
>
> To date, the only significant deployment that I know of that would
> even use port-selectors is securing L2TP traffic - and that traffic,
> being ultimately a tunnelling protocol which terminates the *UDP* on
> two hosts, should not have a problem.
I use port selectors quite regularly. I use them, for instance, for
preserving confidentiality of syslog logs without encrypting all traffic
between the log source and sink. Why do I do this? I do it because
the performance impact of encrypting all the traffic would be unacceptable;
so this is not a "high speed, high capacity" application, perhaps, but it
is not one in which arbitrarily poor performance is acceptable.
Thor