Re: threats ID
> > Note that IPSEC adds a layer, increasing the number of layers below
> > TCP by one.
>
> It is clearly stated in RFC2401 "Security Architecture for the
> Internet Protocol", which defines IPSEC architecture, that:
>
> The goal of the architecture is to provide various security
> services for traffic at the IP layer, in both the IPv4 and IPv6
> environments.
Interesting that the draft says that. Note though that despite the
draft saying that IPSEC provides it "at" the IP layer, it in fact does
all of its communication sitting on top of unmodified IP. For
example, the routers don't need to be upgraded to allow IPSEC to run
over them. So in some meaningful sense, IPSEC is above the IP layer,
even if there is a document telling us that we're not supposed to
think about it that way.
-Tim Shepard
shep@alum.mit.edu
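
The forwarding behaviour discussed in the message above, as an added example that is not part of the original post: a plain IPv4 forwarding step applied to a datagram carrying ESP (IP protocol 50) and to one carrying TCP, showing that the router-side code never looks past the IP header. The addresses, SPI, sequence number and payload bytes are constructed sample values, and the function names are hypothetical.

```python
import struct

ESP, TCP = 50, 6  # IANA IP protocol numbers

def checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the 16-bit words of the header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(proto: int, src: bytes, dst: bytes, payload: bytes, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0, src, dst]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def forward(packet: bytes) -> bytes:
    """What a plain IPv4 router does: verify the header, decrement TTL,
    recompute the checksum. It never reads the protocol field or the payload."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    if checksum(bytes(hdr)) != 0:          # a valid header sums to zero
        raise ValueError("bad header checksum")
    if hdr[8] <= 1:
        raise ValueError("TTL expired")
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def esp_header(packet: bytes):
    """Only the IPsec endpoint parses this: SPI and sequence number (RFC 2406)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != ESP:
        return None
    return struct.unpack("!II", packet[ihl:ihl + 8])

# Constructed sample data: documentation addresses, made-up SPI and sequence
# number, and a byte run standing in for the encrypted ESP payload.
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
ESP_PAYLOAD = struct.pack("!II", 0x1000, 1) + bytes(range(24))
esp_pkt = build_ipv4(ESP, SRC, DST, ESP_PAYLOAD)
tcp_pkt = build_ipv4(TCP, SRC, DST, b"\x00" * 20)

if __name__ == "__main__":
    for name, pkt in (("ESP", esp_pkt), ("TCP", tcp_pkt)):
        out = forward(pkt)
        print(name, "TTL", pkt[8], "->", out[8], "payload unchanged:", out[20:] == pkt[20:])
```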