
Re: IPSec Complexity



On Fri, 18 Feb 2000, Dan Harkins wrote:
>   Nobody said that IPSec will replace/reinvent all access control policies.
> I just said that IPSec has access control mechanisms and by doing transport
> mode on some other tunneling method-- IPinIP or L2TP-- you lose that.

Well, but the question is whether we lose anything of *value* that way.
Access control mechanisms are certainly needed, but whether the stuff in
RFC 2401 is the right way to do them is another question.  The mere fact
that a superficially-reasonable combination of protocols, like IP-in-IP
over transport mode, would bypass them suggests that they are not in the
right place in the overall architecture. 

                                                          Henry Spencer
                                                       henry@spsystems.net


