Re: IPSec Complexity
On Fri, 18 Feb 2000, Dan Harkins wrote:
> Nobody said that IPSec will replace/reinvent all access control policies.
> I just said that IPSec has access control mechanisms and by doing transport
> mode on some other tunneling method-- IPinIP or L2TP-- you lose that.
Well, but the question is whether we lose anything of *value* that way.
Access control mechanisms are certainly needed, but whether the stuff in
RFC 2401 is the right way to do them is another question. The mere fact
that a superficially-reasonable combination of protocols, like IP-in-IP
over transport mode, would bypass them suggests that they are not in the
right place in the overall architecture.
Henry Spencer
henry@spsystems.net