[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec and RTP crypto
Stephen Kent wrote:
>
>
> I am surprised to hear Jeff reported as saying what you cite above.
> IPsec has facilities to allow selective protection of traffic between
> two hosts or two sites, based on appropriate population of the SPDs
> at each end. So long as one can specify the traffic to be protected
> and not protected using the selectors employed in SPD entries, this
> should work fine.
What Jeff said was that IPSEC was a poor fit when you want to protect bits and
pieces of a single flow/protocol--which is exactly what MIPV6 wanted. They
didn't realize that you couldn't say "protect only protocol element FOO in
protocol BAR" in the SPD.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Advisor Phone: (ESN) 393-9145 +1 613 763 9145
Security Architecture and Planning Fax: (ESN) 393-9435 +1 613 763 9435
Nortel Networks mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------
References: