[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec and RTP crypto

To: Stephen Kent <kent@bbn.com>
Subject: Re: IPsec and RTP crypto
From: "Marcus Leech" <mleech@nortelnetworks.com>
Date: Wed, 04 Apr 2001 14:32:19 -0400
CC: Michael Thomas <mat@cisco.com>, ipsec@lists.tislabs.com
References: <15051.3785.744052.329698@thomasm-u1.cisco.com> <p05010403b6f0e0173ee6@[128.33.4.39]>
Sender: owner-ipsec@lists.tislabs.com

Stephen Kent wrote:
> 

> 
> I am surprised to hear Jeff reported as saying what you cite above.
> IPsec has facilities to allow selective protection of traffic between
> two hosts or two sites, based on appropriate population of the SPDs
> at each end. So long as one can specify the traffic to be protected
> and not protected using the selectors employed in SPD entries, this
> should work fine.
What Jeff said was that IPSEC was a poor fit when you want to protect bits and
  pieces of a single flow/protocol--which is exactly what MIPV6 wanted.  They
  didn't realize that you couldn't say "protect only protocol element FOO in
  protocol BAR" in the SPD.

-- 
----------------------------------------------------------------------
Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
Advisor                                  Phone: (ESN) 393-9145  +1 613 763 9145
Security Architecture and Planning       Fax:   (ESN) 393-9435  +1 613 763 9435
Nortel Networks                          mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------

References:

IPsec and RTP crypto

From: Michael Thomas <mat@cisco.com>

Re: IPsec and RTP crypto

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: IPsec and RTP crypto
Next by Date: Re: IPsec and RTP crypto
Prev by thread: Re: IPsec and RTP crypto
Next by thread: Re: IPsec and RTP crypto
Index(es):
- Main
- Thread