[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec Complexity
mark,
The description you provide for filtering seems plausible, but is not
in any standard. It implies a linkage between PPP, L2TP, and IPsec
that is not defined in any of those standards. Also, in other than
the dialup user case, e.g., in extranets and intranets based on
IPsec, it is not clear that the same linkages will occur.
So, I guess I'm willing to believe that a vendor could create an
implementation that maintained the SA linkages you describe, but it
would appear that such linkages would be outside the scope of all the
relevant standards. Not being a fan of relying on vendor-specific
implementation conventions to achieve security, I can't be too
enthusiastic about this approach.
Steve
Follow-Ups:
References: