
Re: CONSENSUS TEST: Fragmentation handling



> => anything which tries to look inside my packets violates my
> confidentiality, and I don't like this at all from something which
> is supposed to protect it. IMHO a router should not look at something
> which is not in the IP header, or do you argue we should only use
> IPsec end-to-end? (I am not against the idea but this is a bit drastic).

We're talking about behavior in an IPsec implementation which enforces
policy based on port numbers.  On the cleartext side, it's *already*
looking into the packet well past the IP header.

						- Bill