IPSP and Netscape

Perry E. Metzger perry at imsi.com
Tue Dec 13 11:11:12 PST 1994



"Kipp E.B. Hickman" says:
> A (probably naive) question: If IPSP is essentially "tunnelling",
> don't sysadmin's and the like get concerned that now their fancy
> routers etc. can no longer shield certain classes of unwanted
> traffic?

You are right that an encrypted IPSP packet can't be "peeked into" and
thus can't be selectively blocked by a filtering router. There is,
however, a notion in the IPv6 version (will be in the v4 version if I
have anything to do with it) of a "transparent authentication header"
which allows you to achieve authentication without privacy for those
situations that require the ability to filter packets at a firewall.

Overall, however, IPSP reduces (but does NOT by any means eliminate)
the need for firewalls, because IPSP packets can be fully private and
authenticated and thus can't be hijacked.

Perry






More information about the cypherpunks-legacy mailing list