Re: some issues about IPSec

[Engineering <osgroup@laurent.osgroup.com>]

> 
> Perhaps at this time someone can also explain to me the benefit of
> classing an SA as either tunnel or transport.  I am still a strong
> proponent of the old-style (RFC 1825) formatting which allows the IPsec
> protocol to be more powerful and more generally useful.
> 

I really don't see the benefit of transport mode at all from our
perspective.  None of our customers require it because we can communicate
securely peer to peer (This is from a VPCOM (our product) perspective).
Also, even going through a third party security gateway, peer to peer can
be done.

> 
> I guess I don't see why we should restrict the functionality of an
> implementation based on the implementation method at all.  If the
> packets emerging from the _box_ don't give any indication of what method
> was used to encapsulate them, why should we even care?
> 

The questions here are what are the beneifits of transport mode that are
not provided in tunnel mode ?

Jeffrey Goodwin
President/CEO Ashley Laurent, Inc.		www.osgroup.com

---

Follow-Ups:

• Re: some issues about IPSec
• From: Ben Rogers <ben@Ascend.COM>
• Re: some issues about IPSec
• From: Stephen Kent <kent@bbn.com>

References:

• Re: some issues about IPSec
• From: Ben Rogers <ben@Ascend.COM>

---

• Prev by Date: Re: some issues about IPSec
• Next by Date: some more issues on IPSEC
• Prev by thread: Re: some issues about IPSec
• Next by thread: Re: some issues about IPSec
• Index(es):
  • Main
  • Thread