Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

From: Phil Karn ([email protected])
Date: Tue Apr 14 1998 - 20:10:25 EDT

Next message: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Previous message: Harmen R. van As: "8th IFIP Conference on High Performance Networking (HPN'98)"
In reply to: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Next in thread: Ihor Strutynskyj: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>But if tunnel mode ipsec is used, the bits in the IP header are not
>copied into the inner IP header at tunnel termination time.

Why not? When the IPSEC tunnel endpoint unwraps the packet and
decrypts the inner IP header, it could easily OR the congestion bit
from the outer IP header into the inner one.

Phil

Next message: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Previous message: Harmen R. van As: "8th IFIP Conference on High Performance Networking (HPN'98)"
In reply to: Steve Bellovin: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Next in thread: Ihor Strutynskyj: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Feb 14 2000 - 16:14:42 EST