VPN Question
Robert Moskowitz
rgm at icsa.net
Tue Jun 22 14:24:23 EDT 1999
At 12:19 PM 6/21/99 -0700, Ryan Russell wrote:
>
>
>It depends on how your QoS scheme works. Some of them work by
>making their own changes to various headers. Others make changes by
>informing routers along the route, and make no header changes. Still
>others (WFQ) have things essentially hard-coded by port number.
>Either of the latter 2 options should be security-compatible. The first
>may alos be, depending on how much of the headers are validated.
>
But all of these need information from the datagrams. Good security hides
everything but routing information. ERGO....
The most likely to be promogated approach would be to use IP options to
place specific datagram content unprotected for QoS. Much like ECN's use
of the TOS bits.
Robert Moskowitz
ICSA, Inc.
(248) 968-9809
Fax: (248) 968-2824
rgm at icsa.net
There's no limit to what can be accomplished
if it doesn't matter who gets the credit
****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
We are currently experiencing "unsubscribe" difficulties. If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
****************************************************************
More information about the VPN
mailing list