
Re: TOS copying considered harmful



Henry,

In the revision of 2401 we plan to modify the text somewhat. This issue was discussed before and we took notes on the changes to be made, but have not distributed them to the list.

We would like an IPsec implementation to be configurable re how it processes the TOS field for tunnel mode for transmitted and received packets. One configuration setting would operate as the current spec requires. Another would allow the field to be mapped to a fixed value, on a per-SA basis. (The value might really be fixed for all traffic outbound from a device, but per-SA granularity allows that as well.) This configuration option allows folks, on a local basis, to decide whether the covert channel provided by copying these bits outweighs the benefits of copying.

For inbound traffic, the QoS folks have requested that we allow copying of the bits, which are currently discarded. One configuration option here would permit this, the other would maintain the status quo, i.e., discard.

Would this set of options, plus the accompanying rationale, address your concerns?

Steve
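As an added illustration of the per-SA options described above (example code, not from this thread or from any IPsec implementation), the Python model below gives each tunnel-mode SA an outbound TOS policy (copy the inner value, as the current spec requires, or map to a fixed per-SA value) and an inbound policy (discard the outer value, or copy it into the inner header). The class, field and function names are assumptions; the last function checks whether a given outbound policy still exposes inner TOS values in the outer header, i.e. whether the covert channel remains open.

```python
from dataclasses import dataclass
from enum import Enum


class OutboundTos(Enum):
    COPY_INNER = "copy"   # current RFC 2401 behaviour: outer TOS := inner TOS
    FIXED = "fixed"       # proposed option: outer TOS := per-SA constant


class InboundTos(Enum):
    DISCARD_OUTER = "discard"  # status quo: outer TOS dropped on decapsulation
    COPY_OUTER = "copy"        # proposed option (QoS request): inner TOS := outer TOS


@dataclass
class TunnelSA:
    spi: int
    outbound: OutboundTos = OutboundTos.COPY_INNER
    fixed_tos: int = 0
    inbound: InboundTos = InboundTos.DISCARD_OUTER


@dataclass
class IPv4Header:
    tos: int
    src: str
    dst: str


def encapsulate(inner: IPv4Header, sa: TunnelSA, tun_src: str, tun_dst: str) -> IPv4Header:
    """Build the tunnel-mode outer header per the SA's outbound TOS policy."""
    tos = inner.tos if sa.outbound is OutboundTos.COPY_INNER else sa.fixed_tos
    return IPv4Header(tos=tos & 0xFF, src=tun_src, dst=tun_dst)


def decapsulate(outer: IPv4Header, inner: IPv4Header, sa: TunnelSA) -> IPv4Header:
    """Return the inner header as forwarded, per the SA's inbound TOS policy."""
    if sa.inbound is InboundTos.COPY_OUTER:
        return IPv4Header(tos=outer.tos, src=inner.src, dst=inner.dst)
    return inner  # outer TOS discarded


def outer_tos_leaks_inner(sa: TunnelSA) -> bool:
    """True if different inner TOS values produce different outer TOS values (covert channel)."""
    # Constructed sample: one inner flow, every possible TOS byte.
    seen = {encapsulate(IPv4Header(t, "10.0.0.1", "10.0.0.2"), sa, "192.0.2.1", "192.0.2.2").tos
            for t in range(256)}
    return len(seen) > 1
```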