
Re: Windows 2000 and Cisco router interoperability



>Mark,



>Ah, but the binding is not lost. As I have said to you and on this list
>before, there is a 1:1 correlation between the SA, the l2tp session, the
>"user-authorized" PPP session, and thus the access control and policy
>for that user. This is key to the way l2tp+ipsec is intended to operate.
>If you wish, we could even include a section in the l2tp-security draft
>that spells this out in a more direct manner. The omission of this
>specific text is only due to the fact that it is so plainly obvious to
>those who have lived and worked in the traditional dialup space for
>years. Perhaps it is this kind of input we need, however, to ensure that
>we cover all points of reference.

And, I have noted before, we have only the assurance of vendors on 
this important security issue, because no RFCs specify how this is
done. Personally, I'm more comfortable with a standards-specified 
approach to such security critical issues, rather than the assurances 
I have received from the L2TP community that "well, everybody does 
the right thing in their products and we all know it ..."

Steve


