[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec

To: henry@spsystems.net
Subject: Re: Bruce Schneier on IPsec
From: Phil Karn <karn@ka9q.ampr.org>
Date: Wed, 2 Feb 2000 16:24:28 -0800
CC: ipsec@lists.tislabs.com
In-reply-to: <Pine.BSI.3.91.1000201124602.16177C-100000@spsystems.net>(message from Henry Spencer on Tue, 1 Feb 2000 12:50:47 -0500 (EST))
References: <Pine.BSI.3.91.1000201124602.16177C-100000@spsystems.net>
Reply-to: karn@qualcomm.com
Sender: owner-ipsec@lists.tislabs.com

>It may not be traditional, but it is increasingly common in the real
>world.  And the sysadmins are not going to want to deal with two separate
>filtering mechanisms, one inside IPSec and one for everything else.

Exactly my point. IP policy routing mechanisms can be complicated and
hard to understand, even for someone who is already familiar with IP
routing.  So it is especially important to do things in a modular
fashion and to avoid redundant duplication of redundant facilities...

Phil

References:

Re: Bruce Schneier on IPsec

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: Bruce Schneier on IPsec
Next by Date: RE: Bruce Schneier on IPsec
Prev by thread: Re: Bruce Schneier on IPsec
Next by thread: Re: Bruce Schneier on IPsec
Index(es):
- Main
- Thread