[rbridge] TTL only - was RE: New fields in shim header?
Eric.Gray at marconi.com
Fri Oct 13 09:58:26 PDT 2006
In this forum, it is a bit risky to argue that any subset of
IPSec authentication is useful - particularly if you can also make
the assumption that IPSec could be used directly.
The phrase "much more difficult" is not especially meaningful
when what you really need is to distinguish possible and impossible.
"More difficult" equates to "more challenging" to the average hacker
and assuming that "more difficult" provides any degree of protection
is an easy mistake to make.
--> -----Original Message-----
--> From: rbridge-bounces at postel.org
--> [mailto:rbridge-bounces at postel.org] On Behalf Of Silvano Gai
--> Sent: Thursday, October 12, 2006 4:26 PM
--> To: Caitlin Bestler; Joe Touch
--> Cc: rbridge at postel.org; Radia Perlman
--> Subject: Re: [rbridge] TTL only - was RE: New fields in shim header?
--> I didn't reply to your last point
--> > I am assuming there is no desire to replicate IPSEC funcationality
--> > at L2 then *all* of the L2 headers may be forged. I don't see how
--> > you can claim that any specific one is more trustworthy than
--> > the others.
--> Even without IPsec, RBridges can authenticate to each other
--> and forging
--> an RBridge is much more difficult that using a readily
--> available program
--> on your PC to spoof the IP or MAC address.
--> -- Silvano
--> rbridge mailing list
--> rbridge at postel.org
More information about the rbridge