
RE: Windows 2000 and Cisco router interoperability



Stephen Kent [mailto://kent@bbn.com] writes:

> >Mark,
>
>
>
> >Ah, but the binding is not lost. As I have said to you and on this list
> >before, there is a 1:1 correlation between the SA, the l2tp session, the
> >"user-authorized" PPP session, and thus the access control and policy
> >for that user. This is key to the way l2tp+ipsec is intended to operate.
> >If you wish, we could even include a section in the l2tp-security draft
> >that spells this out in a more direct manner. The omission of this
> >specific text is only due to the fact that it is so plainly obvious to
> >those who have lived and worked in the traditional dialup space for
> >years. Perhaps it is this kind of input we need, however, to ensure that
> >we cover all points of reference.
>
> And, I have noted before, we have only the assurance of vendors on
> this important security issue, because no RFCs specify how this is
> done. Personally, I'm more comfortable with a standards-specified
> approach to such security critical issues, rather than the assurances
> I have received from the L2TP community that "well, everybody does
> the right thing in their products and we all know it ..."

Such assurances are unnecessary.  In the final analysis, if security is
important to customers, they will buy secure products and configure them
correctly.  If security isn't important to customers, no number of
'standards-specified approaches' will have any effect.

>
> Steve
>
>
>


