
Re: Bruce Schneier on IPsec




>> On the other hand, the distinction between transport mode and tunnel mode is a
>> vital matter of network architecture, and I don't think that that was properly
>> understood by the authors.  (I sent a long note to them on this topic quite
>> some time ago.)  I'm quite convinced that we made the right choice there, and
>> see no reason to revisit it.
>Could you post the note here, or is it perchance in the archives? The reason
>for having the two modes is far from obvious to me, and perhaps others.

	I agree with Sandy.  I always wonder why we have tunnel mode,
	when there are tons of other simple tunnelling proposals (RFC1933,
	GRE, you name it).  We can combine them to get similar behavior.
	If there's a clear reason for having tunnel mode in the IPsec document,
	I would like to know that (please don't repost, a URL is just fine).

itojun

