[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH (was Re: SA identification)

To: Derek Atkins <warlord@mit.edu>
Subject: Re: Death to AH (was Re: SA identification)
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Tue, 27 Mar 2001 12:09:11 +0200
cc: Michael Thomas <mat@cisco.com>, "Marcus Leech" <mleech@nortelnetworks.com>, Henry Spencer <henry@spsystems.net>, IP Security List <ipsec@lists.tislabs.com>
In-reply-to: Your message of 26 Mar 2001 15:33:06 CDT. <sjmvgowz2wt.fsf@rcn.ihtfp.org>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   Francis Dupont <Francis.Dupont@enst-bretagne.fr> writes:

   > => I have a different concern: it will be very bad to have IPsec
   > and mobile IPv6 new built-in security fighting together.
   > In general I think IPsec must be far more mobility aware....

   Nothing says you can't have multiple security systems.  Indeed,
   I would expect there to be multiple systems in use, even for the
   same connection.  I have no problems running e.g. SSL/TLS over IPSec.

=> this is a different concern: multiple systems are bad a priori
because bug likelihood increases with complexity but the same argument
applies to systems which try to do too much...

   Just because MobileIP has its own security for the BU doesn't mean
   that IPSec cannot be used.  And just because IPSec is is use does not
   necessarily mean that it's the right solution for MobileIP BUs.

=> this is *not* what I wrote!

Regards

Francis.Dupont@enst-bretagne.fr

References:

Re: Death to AH (was Re: SA identification)

From: Derek Atkins <warlord@mit.edu>

Prev by Date: IP.Net Convention
Next by Date: TestBed for SSL / TLS / WTLS
Prev by thread: Re: Death to AH (was Re: SA identification)
Next by thread: Re: Death to AH (was Re: SA identification)
Index(es):
- Main
- Thread