[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IBM VPN Bakeoff Issues

To: Stephen Kent <kent@bbn.com>
Subject: Re: IBM VPN Bakeoff Issues
From: "Scott G. Kelly" <skelly@redcreek.com>
Date: Fri, 06 Nov 1998 16:11:55 -0800
CC: Stephen Waters <Stephen.Waters@digital.com>, Tim Jenkins <tjenkins@TimeStep.com>, ipsec@tis.com
Organization: RedCreek Communications
References: <v0401170ab267e5628b5b@[128.33.238.37]>
Sender: owner-ipsec@ex.tis.com

Stephen Kent wrote:
> > 2) The encapsulation mode of all services offered MUST match that
> >encapsulation mode of the bundle as a whole.
> 
> Well, remember that a bundle can apply to traffic terminating at two
> different endpoints, specifically the required combination of a tunnel SA
> to an SG with a transport SA to a host behind the SG.

Precisely. And what about ESP in tunnel mode, wrapped with AH in
transport mode between 2 SGs?

I recognize all too well how these restrictions would simplify
processing, but don't think that makes for a good reason to modify the
spec.

Follow-Ups:

Re: IBM VPN Bakeoff Issues

From: Stephen Kent <kent@bbn.com>

References:

RE: IBM VPN Bakeoff Issues

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: IBM VPN Bakeoff Issues
Next by Date: Re: IBM VPN Bakeoff Issues
Prev by thread: RE: IBM VPN Bakeoff Issues
Next by thread: Re: IBM VPN Bakeoff Issues
Index(es):
- Main
- Thread