
Re: some issues about IPSec



In message <199801261752.MAA20371@relay.hq.tis.com>, Charles Lynn writes:
> 
> Maybe I was not sufficiently clear.  My message was intended to give
> reasons why Transport Mode is needed, not about the relative merits of
> the different tunneling schemes.

Oops. Sorry; hot button there. The "tunnelling is all wrong!" statement came
up in the past, and I interpreted your remarks as a repetition of that
sentiment.


> Have you heard about the suggestions
> to help the scaling and autoconfiguration problem by having routers
> rewrite IP addresses as the packets pass by?

I've heard such things. Most of the routing people I trust haven't mentioned
support for this idea, so I doubt it will fly. Also, there are many protocols
being actively deployed these days that embed IP addresses in packets (much
to the annoyance of us firewall developers). Anything that re-writes
addresses on the fly is going to break some popular but undocumented
internet phone or video conferencing protocol, and millions of users will
scream.

> Lots of things for us to consider in IPSecond.

Agreed!

-- 
Harald

