Re: PPP over IPSec (without L2TP)?
Paul Koning wrote:
> >>>>> "Ari" == Ari Huttunen <Ari.Huttunen@datafellows.com> writes:
>
> Ari> ...
> Ari> As to the re-ordering of packets by IPSec.. IPSec already does
> Ari> sequence numbers. It shouldn't be too difficult to define a new
> Ari> IPSec SA attribute negotiable by IKE that says "sequenced
> Ari> delivery of packets required". The receiving IPSec
> Ari> implementation would perhaps try to re-order packets during a
> Ari> few milliseconds or whatever, and drop packets that come after
> Ari> that.
>
> Yuck.
>
> Sure, it would be easy enough to add such an attribute, but adding the
> actual mechanism is quite another matter.
>
> Sequence protection doesn't belong in IP. It hasn't been there for 30
> years, and it doesn't make sense to add it now. I very much doubt
> that you could get agreement to add such a thing as a mandatory
> capability (certainly I'd object loudly) or even as a recommended
> capability.
Where's the beef? Using the same argumentation we'd never have,
for example, speech on top of IP, since "for more than 30 years
we've had speech on a telephone line.. etc."
Besides, IP is connectionless while IPSec in all its forms is
connection-oriented. (Not counting HIP.)
--
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
Data Fellows Corporation http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security
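
The receiver behaviour proposed in the quoted text (hold out-of-order packets briefly, deliver in sequence, drop whatever arrives after the wait) is sketched below as an added example; it is not code from this thread or from any IPSec implementation. `Resequencer`, `hold_ms` and the arrival trace are hypothetical, and the sketch assumes sequence numbers are already authenticated, start at 1, and never wrap within one SA.

```python
class Resequencer:
    """Receiver-side 'sequenced delivery' for one SA (hypothetical sketch)."""

    def __init__(self, hold_ms, first_seq=1):
        self.hold_ms = hold_ms      # how long a gap may stall delivery
        self.next_seq = first_seq   # next sequence number owed to the upper layer
        self.held = {}              # seq -> (arrival_ms, payload)
        self.dropped = []           # late or duplicate sequence numbers

    def poll(self, now_ms):
        """Release what is deliverable at now_ms; called on a timer tick."""
        out = []
        while self.held:
            lowest = min(self.held)
            if lowest != self.next_seq:
                oldest = min(t for t, _ in self.held.values())
                if now_ms - oldest < self.hold_ms:
                    break           # gap may still be filled, keep waiting
                # hold time expired: give up on the missing packets
            out.append(self.held.pop(lowest)[1])
            self.next_seq = lowest + 1
        return out

    def receive(self, seq, payload, now_ms):
        """Accept one authenticated packet; return payloads released in order."""
        out = self.poll(now_ms)     # expire old gaps before judging lateness
        if seq < self.next_seq or seq in self.held:
            self.dropped.append(seq)
        else:
            self.held[seq] = (now_ms, payload)
        return out + self.poll(now_ms)


def demo():
    # Constructed arrival trace: (time_ms, seq, payload); seq None = timer tick.
    trace = [(0, 1, "a"), (1, 3, "c"), (2, 2, "b"), (3, 5, "e"),
             (9, None, None), (10, 4, "d")]
    r = Resequencer(hold_ms=5)
    delivered = []
    for t, seq, data in trace:
        delivered += r.poll(t) if seq is None else r.receive(seq, data, t)
    return delivered, r.dropped


if __name__ == "__main__":
    print(demo())
```

The per-SA buffer and timer shown here are the receiver state that the attribute alone would not supply.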