Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!decvax!ucbvax!ATHENA.MIT.EDU!martillo
From: martillo@ATHENA.MIT.EDU
Newsgroups: comp.protocols.tcp-ip
Subject: Separation of Layers
Message-ID: <8710312107.AA14385@PARIS.MIT.EDU>
Date: Sat, 31-Oct-87 16:07:38 EST
Article-I.D.: PARIS.8710312107.AA14385
Posted: Sat Oct 31 16:07:38 1987
Date-Received: Thu, 5-Nov-87 07:39:14 EST
References: <[A.ISI.EDU]30-Oct-87.06:57:13.CERF>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 16

If I were really worried about spoofing, I would hardly depend on IP
address consistency to guard against spoofing. I would suggest that
this chimerical protection against spoofing violates the logical
distinction between the IP and TCP layers.

I would suggest in fact that a host supporting several level 3s or
IP-like layers should permit the passage of data packets up to the TCP
protocol handler or any other comparable level protocol handler and
the TCP level protocol handlers should not care from which of the
level 3s the packet originated. Such logical distinction seems to be
lost if level 4 worries about the remote IP address and if level 3
worries about level 4 ports.

At MIT we used subnet mask to provide some security for tftp
transfers. I am not so sure this was such a good idea, though it did
work for our purposes.

Yakim Martillo