
Re: draft-ietf-ipsec-arch-sec-02.txt and last call



Indermohan,

	Your intuition is correct. The intent of the text is that a
compliant implementation MUST support the discard function, along with
bypass and IPsec processing.  If IPsec is part of a box that also
implements a firewall function, then the line between the two may be
blurred and provision of the discard function elsewhere in the box would
seem reasonable.  However, for a stand alone implementation, the discard
function is important, e.g., it can prevent traffic from reaching the
firewall or host and thus may provide a higher level of assurance than
would be available from the device behind the IPsec implementation.

Steve



