
Re: IPsec and RTP crypto



 In your previous mail you wrote:

   >Jeff Schiller according to Basavaraj Patil's
   >minutes (mobile IP WG chair) quotes Jeff as saying
   >that IPsec is not really a good fit in situations
   >where you want to protect some of the traffic, but
   >not all of the traffic to another host. I'd like
   >to actually get some clarification on this because
   >it seems like a pretty serious restriction for
   >VoIP.
   
   I am surprised to hear Jeff reported as saying what you cite above. 

=> so we should get a copy of Jeff's slides asap...

   IPsec has facilities to allow selective protection of traffic between 
   two hosts or two sites, based on appropriate population of the SPDs 
   at each end. So long as one can specify the traffic to be protected 
   and not protected using the selectors employed in SPD entries, this 
   should work fine.
   
=> in the context of Jeff's presentation fixed protocols/profiles/ports
are used so the dynamically selected port stuff doesn't apply.
But the argument was not that it is impossible (i.e. cannot) but that
many implementations don't support this (i.e. should not).
I know some VPN implementations don't support selective protection but
is this so common? Of course all implementations analysed for mobile
IPv6 support have selective protection but they are host implementations
too so perhaps not in the mainstream...

Regards

Francis.Dupont@enst-bretagne.fr
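
The selective protection discussed in this message, as an added example that is not part of the original mail: a simplified Python model of an ordered SPD lookup in which selectors (addresses, protocol, destination port range) decide whether a packet is protected, bypassed or discarded. The addresses, the port numbers and the names `SPDEntry`, `spd_lookup` and `classify` are constructed for illustration and do not come from any IPsec implementation.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class SPDEntry:
    src_net: str
    dst_net: str
    proto: Optional[str]                # None = any protocol
    dports: Optional[Tuple[int, int]]   # inclusive range, None = any port
    action: str                         # "PROTECT", "BYPASS" or "DISCARD"

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in (None, p.proto)
                and (self.dports is None
                     or self.dports[0] <= p.dport <= self.dports[1]))

def spd_lookup(spd, p: Packet) -> str:
    """Ordered lookup: first matching entry wins; no match is discarded."""
    for entry in spd:
        if entry.matches(p):
            return entry.action
    return "DISCARD"

# Constructed policy: protect only RTP/RTCP on fixed ports to one peer,
# let everything else to that peer go in the clear.
HOST, PEER = "192.0.2.10/32", "198.51.100.20/32"
SPD = [
    SPDEntry(HOST, PEER, "udp", (5004, 5005), "PROTECT"),
    SPDEntry(HOST, PEER, None, None, "BYPASS"),
]

def classify(proto: str, dport: int, dst: str = "198.51.100.20") -> str:
    return spd_lookup(SPD, Packet("192.0.2.10", dst, proto, dport))

if __name__ == "__main__":
    for proto, port in [("udp", 5004), ("tcp", 80), ("udp", 49170)]:
        print(proto, port, classify(proto, port))
```

In this model, media sent to a port outside the fixed range (49170 here) falls through to the bypass entry and leaves unprotected, which is why the fixed-port assumption matters for a static policy.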

