
Re: Windows 2000 and Cisco router interoperability





Stephen Kent wrote:
> 
> >Mark,
> 
> >Ah, but the binding is not lost. As I have said to you and on this list
> >before, there is a 1:1 correlation between the SA, the l2tp session, the
> >"user-authorized" PPP session, and thus the access control and policy
> >for that user. This is key to the way l2tp+ipsec is intended to operate.
> >If you wish, we could even include a section in the l2tp-security draft
> >that spells this out in a more direct manner. The omission of this
> >specific text is only due to the fact that it is so plainly obvious to
> >those who have lived and worked in the traditional dialup space for
> >years. Perhaps it is this kind of input we need, however, to ensure that
> >we cover all points of reference.
> 
> And, I have noted before, we have only the assurance of vendors on
> this important security issue, because no RFCs specify how this is
> done. Personally, I'm more comfortable with a standards-specified
> approach to such security critical issues, rather than the assurances
> I have received from the L2TP community that "well, everybody does
> the right thing in their products and we all know it ..."

Point taken. We will make efforts to ensure that as much common
knowledge as possible in this arena is documented for review and
critique.

> 
> Steve

