[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC 2401 section 5.2.1

To: Henry Spencer <henry@spsystems.net>, Francis Dupont <Francis.Dupont@enst-bretagne.fr>, itojun@iijlab.net, ipsec@lists.tislabs.com
Subject: Re: RFC 2401 section 5.2.1
From: Joe Touch <touch@ISI.EDU>
Date: Fri, 24 Nov 2000 13:54:29 -0800
References: <Pine.BSI.3.91.1001124123945.24306C-100000@spsystems.net> <3A1EBF34.84A61E5@isi.edu>
Sender: owner-ipsec@lists.tislabs.com



Joe Touch wrote:
> 
> Henry Spencer wrote:
> >
> > On Fri, 24 Nov 2000, Francis Dupont wrote:
> > >    It would be sensible to retain both if transport mode was the fundamental
> > >    IPsec mode and tunnel mode was *just* IPIP tunneling over a transport-mode
> > >    connection.
> > >
> > > => it is...
> >
> > No.  Not by RFC 2401, it's not.  Please distinguish carefully between the
> > way you think the protocols should work, and the way they are currently
> > specified to work.  Don't be misled by RFC 2401 saying that tunnel mode is
> > "essentially" a tunnel within transport mode; that is a useful explanation
> > but it is not literally true, not when you examine the details.
> 
> The differences are outlined in our ID, draft-touch-ipsec-vpn-00.txt.

PS - that draft did expire, and may not be widely availabley anymore.
However, I just completed and submitted an update, which addresses only
the IPIP encapsulation/decapsulation rules as an appendix, mostly.

It should be available in the usual places shortly; in the meantime, it
can be retreived from:

	http://www.isi.edu/touch/pubs/draft-touch-ipsec-vpn-01.txt
Joe

References:

Re: RFC 2401 section 5.2.1

From: Henry Spencer <henry@spsystems.net>

Re: RFC 2401 section 5.2.1

From: Joe Touch <touch@ISI.EDU>

Prev by Date: Re: RFC 2401 section 5.2.1
Next by Date: Re: RFC 2401 section 5.2.1
Prev by thread: Re: RFC 2401 section 5.2.1
Next by thread: Re: RFC 2401 section 5.2.1
Index(es):
- Main
- Thread