[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: comments on VPN framework document

To: Stephen Waters <Stephen.Waters@digital.com>
Subject: RE: comments on VPN framework document
From: Stephen Kent <kent@bbn.com>
Date: Mon, 12 Oct 1998 15:18:51 -0400
Cc: Bernard Aboba <aboba@internaut.com>, ipsec@tis.com, l2tp@zendo.com
In-Reply-To: <250F9C8DEB9ED011A14D08002BE4F64C01EB598E@wade.reo.dec.com>
Sender: owner-ipsec@ex.tis.com

Stephen,

>I was comparing the IPSEC-tunnel (as defined in the IPSEC architecture) with
>other IP tunneling recommendations - all of which have much more too them
>than
>just encapsulating the original packet with an IP header.
>
>
>> >If you encrypt the original IP header,
>> >what alternative have you got but to
>> >add another one.
>>
>> The same comment could be made about an
>> L2TP packet, which is encrypted when contained
>> in IPSEC/L2TP.
>
>Again - I was making the point the adding an IP header is ALL the
>IPSEC tunnel is, nothing more.


Not quite true.  There are processing rules for both sender and receiver
that make IPsec tunnels more than you say here, e.g., how to construct the
outbound header and what to check in the inner header upon receipt.


Steve

References:

RE: comments on VPN framework document

From: Stephen Waters <Stephen.Waters@digital.com>

Prev by Date: Re: comments on VPN framework document
Next by Date: RE: comments on VPN framework document
Prev by thread: RE: comments on VPN framework document
Next by thread: Re: comments on VPN framework document
Index(es):
- Main
- Thread