Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

From: Steve Bellovin ([email protected])
Date: Tue Apr 14 1998 - 21:19:18 EDT

Next message: Daniel R. Glover: "TCPSAT Minutes, 41st IETF"
Previous message: Phil Karn: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>But if tunnel mode ipsec is used, the bits in the IP header are not
>copied into the inner IP header at tunnel termination time.

         Why not? When the IPSEC tunnel endpoint unwraps the packet and
         decrypts the inner IP header, it could easily OR the congestion bit
         from the outer IP header into the inner one.

If nothing else, because the spec doesn't say it should...

Put another way, this requirement was posed by a BoF -- not a working
group -- within weeks of L.A., when the IPsec RFCs were in IETF last call.
That's not a situation to make a change like this, especially without
analysis.

Next message: Daniel R. Glover: "TCPSAT Minutes, 41st IETF"
Previous message: Phil Karn: "Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Feb 14 2000 - 16:14:42 EST