Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

At 11:10 PM 3/26/98 -0800, Phil Karn wrote:
>
>In such "tunnel" configurations, the packets are still available in
>plaintext within the private networks, where they can be monitored and
>debugged by the operators of those networks. Similarly, any
>information needed by the subnet's internal and border routers for
>traffic classification is still available.  Only the external, public
>part of the path is encrypted.

Many of my network security colleagues look at this as a short-term interim
item.  End-to-end is where we want to go.  This makes some interesting
challenges for addressing (I got to see what the NAT people are going to
say about IPsec...).


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec at htt-consult.com

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.