
Re: IPSec Complexity



Mark,

The description you provide for filtering seems plausible, but is not 
in any standard. It implies a linkage between PPP, L2TP, and IPsec 
that is not defined in any of those standards.  Also, in other than 
the dialup user case, e.g., in extranets and intranets based on 
IPsec, it is not clear that the same linkages will occur.

So, I guess I'm willing to believe that a vendor could create an 
implementation that maintained the SA linkages you describe, but it 
would appear that such linkages would be outside the scope of all the 
relevant standards.  Not being a fan of relying on vendor-specific 
implementation conventions to achieve security, I can't be too 
enthusiastic about this approach.

Steve

