[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSP and Netscape

To: "Kipp E.B. Hickman" <[email protected]>
Subject: Re: IPSP and Netscape
From: "Perry E. Metzger" <[email protected]>
Date: Tue, 13 Dec 1994 14:10:20 -0500
Cc: [email protected]
In-Reply-To: Your message of "Tue, 13 Dec 1994 10:57:34 PST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


"Kipp E.B. Hickman" says:
> A (probably naive) question: If IPSP is essentially "tunnelling",
> don't sysadmin's and the like get concerned that now their fancy
> routers etc. can no longer shield certain classes of unwanted
> traffic?

You are right that an encrypted IPSP packet can't be "peeked into" and
thus can't be selectively blocked by a filtering router. There is,
however, a notion in the IPv6 version (will be in the v4 version if I
have anything to do with it) of a "transparent authentication header"
which allows you to achieve authentication without privacy for those
situations that require the ability to filter packets at a firewall.

Overall, however, IPSP reduces (but does NOT by any means eliminate)
the need for firewalls, because IPSP packets can be fully private and
authenticated and thus can't be hijacked.

Perry

References:
- Re: IPSP and Netscape
  - From: "Kipp E.B. Hickman" <[email protected]>

Prev by Date: re: unix and windows
Next by Date: Re: BofA+Netscape
Prev by thread: Re: IPSP and Netscape
Next by thread: Re: IPSP and Netscape
Index(es):
- Date
- Thread