[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv4 Security

To: ipsec@ans.net
Subject: Re: IPv4 Security
From: Theodore Ts'o <tytso@Athena.MIT.EDU>
Date: Wed, 14 Apr 93 17:04:20 -0400
Address: 1 Amherst St., Cambridge, MA 02139
In-Reply-To: Ran Atkinson's message of Wed, 14 Apr 1993 14:41:43 -0400,<9304141441.ZM11185@tengwar.itd.nrl.navy.mil>
Phone: (617) 253-8091

   From: atkinson@tengwar.itd.nrl.navy.mil (Ran Atkinson)
   Date: Wed, 14 Apr 1993 14:41:43 -0400

>   * works with CLNP, as well as IP
>
>     This is most certainly NOT a requirement for me.  My GOSIP
>   transition plan is from IPv4 to IP:TNG only.  I think this is unduly

What does this requirement *mean*?

Does it mean that whatever mechanism which comes out of the IPSEC wg has
to be byte-for-byte identical to whatever security protocol CLNP uses?
If so, then the requirements have basically been rigged so that the only
possible answer is NLSP, despite whatever other advantages or
disadvantages it might have.

Or does it mean that there has to be a way to build gateways that can
interoperate between the IP and CLNP security protocols?  I would think
that it should be the latter, since if you're going to interoperate,
there will have to be a gateway that strips off the IP header and stick
on a CLNP header --- all you'd need to do is have that gateway translate
the IPSEC header to a NLSP header as well.  Sure, this might not work at
ATM speeds, but as Ran pointer out at the wg meeting, NLSP doesn't work
ATM speeds anyway.  (because of its use of TLV encoding, I believe).

							- Ted

References:

Re: IPv4 Security

From: atkinson@tengwar.itd.nrl.navy.mil (Ran Atkinson)

Prev by Date: Re: IPv4 Security
Next by Date: I-D on Security Questions for IP:TNG
Prev by thread: Re: IPv4 Security
Next by thread: Re: IPv4 Security
Index(es):
- Main
- Thread