[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec

To: sommerfeld@orchard.arlington.ma.us
Subject: Re: Bruce Schneier on IPsec
From: Phil Karn <karn@ka9q.ampr.org>
Date: Tue, 1 Feb 2000 10:05:23 -0800
CC: msa@hemuli.tte.vtt.fi, sandy@storm.ca, ipsec@lists.tislabs.com
In-reply-to: <200002011241.MAA19451@orchard.arlington.ma.us> (message fromBill Sommerfeld on Tue, 01 Feb 2000 07:41:08 -0500)
References: <200002011241.MAA19451@orchard.arlington.ma.us>
Reply-to: karn@qualcomm.com
Sender: owner-ipsec@lists.tislabs.com

>Always having the inner ip header (making the outer ip header
>irrelevant) would allow the check to always be done as part of ipsec
>rather than over in some other part of the system.

But these features are already being implemented in firewall and
policy routing modules (e.g., the policy routing stuff in Linux
2.2). Why reinvent the wheel?

Phil

References:

Re: Bruce Schneier on IPsec

From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>

Prev by Date: Re: Bruce Schneier on IPsec
Next by Date: RE: issues raised at VPN interoperability workshop
Prev by thread: Re: Bruce Schneier on IPsec
Next by thread: RE: Bruce Schneier on IPsec
Index(es):
- Main
- Thread