
Re: IPSP and Netscape




"Kipp E.B. Hickman" says:
> A (probably naive) question: If IPSP is essentially "tunnelling",
> don't sysadmins and the like get concerned that now their fancy
> routers etc. can no longer shield certain classes of unwanted
> traffic?

You are right that an encrypted IPSP packet can't be "peeked into" and
thus can't be selectively blocked by a filtering router. There is,
however, a notion in the IPv6 version (will be in the v4 version if I
have anything to do with it) of a "transparent authentication header"
which allows you to achieve authentication without privacy for those
situations that require the ability to filter packets at a firewall.

Overall, however, IPSP reduces (but does NOT by any means eliminate)
the need for firewalls, because IPSP packets can be fully private and
authenticated and thus can't be hijacked.

Perry
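
The filtering difference described in the reply above, as an added example that is not part of the original message: it shows what a keyless filtering router can read from an authenticated-only packet versus an encrypted one. It assumes the AH and ESP layouts later standardized in RFC 4302 and RFC 4303 rather than the IPSP draft format under discussion; all function names, addresses, SPIs and packets are constructed for illustration.

```python
import struct

ESP, AH, TCP, UDP = 50, 51, 6, 17  # IANA protocol numbers

def build_ipv6(next_header, payload):
    # Minimal 40-byte IPv6 header; addresses are constructed documentation values.
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

def build_ah(next_header, spi, seq, icv, payload):
    # Payload Len field = AH length in 32-bit words, minus 2 (RFC 4302 layout, assumed).
    ah_len = 12 + len(icv)
    return struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, spi, seq) + icv + payload

def firewall_view(packet):
    """Return what a filtering router can read without holding any keys."""
    next_header = packet[6]
    body = packet[40:]
    view = {"ipsec": None, "spi": None, "proto": next_header, "dport": None}
    if next_header == ESP:
        # Only the SPI is in the clear; inner protocol and ports are encrypted.
        view.update(ipsec="ESP", spi=struct.unpack("!I", body[:4])[0], proto=None)
        return view
    if next_header == AH:
        inner, plen, _, spi, _ = struct.unpack("!BBHII", body[:12])
        view.update(ipsec="AH", spi=spi, proto=inner)
        body = body[(plen + 2) * 4:]  # skip the AH; the payload follows in cleartext
        next_header = inner
    if next_header in (TCP, UDP) and len(body) >= 4:
        view["dport"] = struct.unpack("!HH", body[:4])[1]
    return view

def allow(packet, blocked_ports=frozenset({23})):
    """Hypothetical port filter: drop blocked destination ports when visible."""
    v = firewall_view(packet)
    if v["dport"] is None:
        return "opaque"  # policy can only decide on addresses and SPI
    return "drop" if v["dport"] in blocked_ports else "pass"

# Constructed samples: one TCP header to port 23, carried under AH and under ESP.
tcp = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 5 << 4, 2, 1024, 0, 0)
ah_pkt = build_ipv6(AH, build_ah(TCP, 0x1001, 1, bytes(12), tcp))
# Zero bytes stand in for ESP ciphertext, which the router cannot interpret anyway.
esp_pkt = build_ipv6(ESP, struct.pack("!II", 0x2002, 1) + bytes(len(tcp) + 12))

if __name__ == "__main__":
    for name, pkt in (("AH", ah_pkt), ("ESP", esp_pkt)):
        print(name, firewall_view(pkt), allow(pkt))
```

The router here only reads the authenticated packet; verifying the integrity check value still requires the key, so a port decision made this way trusts header fields the firewall itself has not authenticated.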