
Re: intersec BOF



>>	summary: classic problem, end-to-end encryption versus intermediate
>>	box which would like to tweak/peep traffic.  there's no good solution,
>>	but that's life.
>I liked this BOF because the feedback from the floor was mostly
>useful and to-the-point, raising and clarifying issues that had to be
>addressed.  (Part of the feedback from the mike was about the
>relative merits of end-to-end security (IPsec) vs. transport-level
>security (TLS, SRTP).)

	tricks like RFC3135 work for TLS as TLS is on top of TCP (so the TCP header
	is visible).  it does not work for IPsec as IPsec encrypts the TCP header.
	again, to me it is a recap of a classic problem.

	in the past there were proposals in the ipsec working group, with which
	the TCP/UDP port number is exposed and the rest is encrypted (i don't
	remember which draft it was).  the proposal was discussed to a certain
	degree, but it ended up unsuccessful (could not get consensus).

itojun
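An added illustration of the visibility point itojun makes above (this is example code written for this page, not code from the thread or from any RFC 3135 implementation): the same TCP segment carrying a TLS record is parsed once as plain TCP and once wrapped in transport-mode ESP, and a keyless "middlebox view" reports which fields an on-path box such as a performance-enhancing proxy could act on. Addresses, ports, SPI and the XOR keystream standing in for the ESP cipher are all constructed values.

```python
"""Constructed packets, never sent: what an on-path box can read from an
IPv4 packet when the transport is TCP carrying TLS, versus the same TCP
segment inside IPsec ESP (transport mode)."""
import hashlib
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50


def ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (IHL=5, no options); checksum left at zero
    because the packet is only parsed here, never transmitted."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                      0x4000, 64, proto, 0, src, dst)
    return hdr + payload


def tcp(sport, dport, seq, ack, flags, payload):
    """Minimal TCP header (data offset 5, no options, checksum zero)."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, 65535, 0, 0)
    return hdr + payload


def tls_record(body, ctype=0x16):
    """TLS record header (type, version, length) followed by the body.
    The header is cleartext; the body is opaque once the handshake is done."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body


def esp(spi, seq, inner):
    """ESP header (SPI, sequence number) followed by the inner segment
    masked with a keystream.  The XOR is only a constructed stand-in for
    the SA's cipher, so the inner TCP header is unreadable without the key."""
    stream = hashlib.sha256(b"constructed-demo-key" + spi.to_bytes(4, "big")).digest()
    ks = (stream * (len(inner) // 32 + 1))[: len(inner)]
    return struct.pack("!II", spi, seq) + bytes(a ^ b for a, b in zip(inner, ks))


def middlebox_view(pkt):
    """Return only the fields an intermediate box can parse with no keys."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    view = {"src": pkt[12:16].hex(), "dst": pkt[16:20].hex(), "proto": proto}
    body = pkt[ihl:]
    if proto == IPPROTO_TCP:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", body[:14])
        view.update(sport=sport, dport=dport, seq=seq, ack=ack,
                    flags=off_flags & 0x1FF)
        app = body[(off_flags >> 12) * 4:]
        # Even the TLS record header is readable; only the record body is opaque.
        if len(app) >= 5 and app[1:3] == b"\x03\x03":
            view["tls_record_type"] = app[0]
    elif proto == IPPROTO_ESP:
        spi, esp_seq = struct.unpack("!II", body[:8])
        view.update(spi=spi, esp_seq=esp_seq)
        # Everything after the 8-byte ESP header is ciphertext: no ports,
        # no TCP sequence/ack numbers and no flags for a PEP to act on.
    return view


def constructed_tls_packet():
    # PSH|ACK segment from a constructed client port to 443 carrying a TLS record
    seg = tcp(52000, 443, 1000, 2000, 0x018, tls_record(b"\x01" * 40))
    return ipv4(IPPROTO_TCP, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", seg)


def constructed_esp_packet():
    # The identical segment, but wrapped in ESP with a constructed SPI
    seg = tcp(52000, 443, 1000, 2000, 0x018, tls_record(b"\x01" * 40))
    return ipv4(IPPROTO_ESP, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02",
                esp(0x1234, 7, seg))


if __name__ == "__main__":
    print("TLS over TCP  :", middlebox_view(constructed_tls_packet()))
    print("TCP inside ESP:", middlebox_view(constructed_esp_packet()))
```

Running it shows the asymmetry the mail describes: the TCP case exposes ports, sequence and acknowledgement numbers and flags (everything a PEP needs to split or spoof connections), while the ESP case exposes only the SPI and ESP sequence number. The port-exposing proposals itojun recalls would have moved the port fields into that visible region at the cost of leaking them on path.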