Re: Simplifying IKE
Hi Joe,
Please look a little closer; all my comments are prefaced by "STEVE:". I
cut the other sections from Sandy's original e-mail. I have no problems
with including NULL mode, but what I don't want to see is a situation where
we are using ESP for one thing on a packet and AH for another, simply for
what I perceive as political reasons. I'd much prefer to use a single
protocol and simplify our efforts.
Take Care,
Steve
Joe Touch <touch@ISI.EDU>
08/08/01 08:56 AM
To: Steve.Robinson@psti.com
cc: Sandy Harris <sandy@storm.ca>, ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com
Subject: Re: Simplifying IKE
Steve.Robinson@psti.com wrote:
>
> A few comments:
>
> 2a: eliminate ESP authentication
> 3a: require AH on all packets. No choice, no null mode. An IPsec connection
> authenticates all packets, period.
Null mode is useful, if only for debugging and performance measurement.
Joe