Re: [Ipsec] big IKE packets
>>>>> "Paul" == Paul Koning <pkoning@equallogic.com> writes:
Michael> We could have an option to run over TCP. But, consider if
Michael> one is doing IPsec in the first place to protect TCP
Michael> management sessions. Ooops.
Paul> So? That's no more an issue than it is for UDP. A TCP IKE
Paul> session would not go through IPsec, just like port 500
Paul> UDPgrams don't use IPsec.
But, they would be vulnerable to the TCP RST attacks that we might in
fact be trying to defend against in the first place.
--
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [