[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate



In message <199809112157.RAA02441@2gn.com>, Rodney Thayer writes:

> well since nobody else seems to care where the packet came from I suppose
> it's fine.

If you *do* care where the packet came from, then your local policy engine
should do the enforcement. The point is that "caring where the packet came
from" should *not* be a mandatory requirement of the standard. It's perfectly
valid to not care where the packet came from when you know *who* it came
from...

-- 
C. Harald Koch     <chk@utcc.utoronto.ca>

"It takes a child to raze a village."
		-Michael T. Fry


References: