Re: ipsec and tcp spoofing

From: Tom Henderson ([email protected])
Date: Mon Apr 06 1998 - 14:03:05 EDT


Luis, Howard,

Thanks for the corrections to my message. Nevertheless, it is clear that
there is no mode of IPsec that is compatible with TCP spoofing unless
the spoofing gateway can perform encryption and/or authentication itself.
In looking at the Security Architecture document, it seemed worthwhile to
consider a "transport mode" option to leave the TCP header unencrypted and
unauthenticated.

> There was just
> a proposal in the last two weeks to the IPSEC mailing list to move the
> TCP port information into the clear so as to allow Internet management
> systems that gather stats on the types of flows running across the
> 'net to continue to operate. It was seriously rejected by the WG
> despite the understanding for flow stats.

Given this, I guess the discussion is moot.

Tom


