> >The modification of TCP header by BS is impossible in case of
> >secure/encripted communication. In this case ICMP may help,
>
> In the usual ELN setup, the routers only set the congestion
> experienced bit in the IP header, which IPSEC does not encrypt. The
> receiving TCPs copy these bits into the reply TCP headers they
> generate before they are encrypted by IPSEC on the way out. Because
> the ELN bits in the TCP headers are set and read only by the
> endpoints, IPSEC is *not* an obstacle of any sort.
>
>But if tunnel mode ipsec is used, the bits in the IP header are not
>copied into the inner IP header at tunnel termination time.
Does it mean that the strong security can't be used with ECN+ELN
mechanisms, which provide better performance?
This archive was generated by hypermail 2b29 : Mon Feb 14 2000 - 16:14:42 EST