[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Traffic selectors, fragments, ICMP messages and security policy problems
>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
Stephen> At 3:40 PM +0200 3/14/04, Markku Savela wrote:
>> Before going into details, just to restate my view of how dealing
>> with fragments should be stated in the RFC:
>>
>> 1. The IPSEC that is applied to all fragments must be exactly the
>> same that would be applied to the same packet when fully
>> assembled.
Stephen> I agree that this would be ideal, but it would not be awful,
Stephen> from a communication security perspective, if we applied
Stephen> "better" protection to fragments.
True from a comsec point of view. Not necessarily true from a legal
compliance point of view, if you're subject to regulations that
restrict the use of certain algorithms for certain traffic. I believe
Tero made that point some time ago.
paul
- References:
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
- From: Markku Savela <msa@burp.tkv.asdf.org>
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
- From: Stephen Kent <kent@bbn.com>
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
- From: Markku Savela <msa@burp.tkv.asdf.org>
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
- From: Stephen Kent <kent@bbn.com>
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
- From: Markku Savela <msa@burp.tkv.asdf.org>
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
- From: Stephen Kent <kent@bbn.com>