Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

• Next message: Ihor Strutynskyj: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• Previous message: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• In reply to: Ihor Strutynskyj: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• Next in thread: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>The modification of TCP header by BS is impossible in case of
>secure/encripted communication. In this case ICMP may help,

In the usual ELN setup, the routers only set the congestion
experienced bit in the IP header, which IPSEC does not encrypt. The
receiving TCPs copy these bits into the reply TCP headers they
generate before they are encrypted by IPSEC on the way out. Because
the ELN bits in the TCP headers are set and read only by the
endpoints, IPSEC is *not* an obstacle of any sort.

Phil

• Next message: Ihor Strutynskyj: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• Previous message: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• In reply to: Ihor Strutynskyj: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• Next in thread: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Feb 14 2000 - 16:14:42 EST