Wouldn't IPsec be just another higher layer protocol to the shim?
Actually, I would like an option to run the shim inside IPsec. It
prevents meddling by intermediate boxes.
Well, wouldn't the shim seem like just another higher layer protocol
to IPsec?
There shouldn't be any problems with either running IPsec on top of
the shim or the shim on top of IPsec (IPsec on top of the shim on top
of IPsec), as long as both ends agree on the layering. One type of
layering should probably be the default and the other can then only
be negotiated if both IPsecs are shim-aware.