[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SCTP and IPsec issues

To: "Angelos D. Keromytis" <angelos@keromytis.org>
Subject: Re: SCTP and IPsec issues
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Wed, 04 Apr 2001 12:05:35 -0400
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Thu, 29 Mar 2001 21:25:31 EST." <200103300225.f2U2PVm19707@nyarlathotep.keromytis.org>
Sender: owner-ipsec@lists.tislabs.com


>>>>> "Angelos" == Angelos D Keromytis <angelos@keromytis.org> writes:
    Angelos> but that can be done by a series of Phase 2 exchanges just as
    Angelos> easily. In any situation that involves automatic keying (e.g.,
    Angelos> "telnet -secure foo.com"), I don't see how this would buy you
    Angelos> anything, other than increased complexity.
    >> 
    >> "ftp -secure foo.com"

    Angelos> That won't do you any good, since in neither passive or active
    Angelos> FTP do you know 
    Angelos> the server side's port until after you've started an exchange.

  That's my point. It doesn't work.
  You can't ask to have the data connected added to the control connections' SA.
You have to do a new phase 2 for each file transfered. 

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
]     mcr@solidum.com   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

Follow-Ups:

Re: SCTP and IPsec issues

From: Pyda Srisuresh <srisuresh@yahoo.com>

Prev by Date: Re: Two issues: AH death, and SA identification
Next by Date: Re: IPsec and RTP crypto
Prev by thread: Re: IPsec and RTP crypto
Next by thread: Re: SCTP and IPsec issues
Index(es):
- Main
- Thread