[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: Simplifying IKE
From: Michael Thomas <mat@cisco.com>
Date: Wed, 8 Aug 2001 07:26:13 -0700 (PDT)
Cc: Dan McDonald <danmcd@East.Sun.COM>, Sandy Harris <sandy@storm.ca>, ipsec@lists.tislabs.com
In-Reply-To: <200108081248.f78CmLu72505@givry.rennes.enst-bretagne.fr>
References: <200108080219.f782JIp00242@kebe.east.sun.com><200108081248.f78CmLu72505@givry.rennes.enst-bretagne.fr>
Sender: owner-ipsec@lists.tislabs.com

Francis Dupont writes:
 > PS: I am not in favor to reduce IPsec to VPNs, the thing which will happen
 > if we remove AH then transport mode...

Francis,

I'm not in favor of VPN only IPsec either, but I don't
understand removal of AH would be a step in that direction.
The very existence of AH, I think, is at the root of 
a lot of the misunderstanding that happened with MIPv6.
It may not have eliminated all of the misuses of IPsec,
but it seems like a pretty vivid example of how more
options == more confusion of how they all work (or
don't work as the case were).

	      Mike

Follow-Ups:

Re: Simplifying IKE

From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

References:

Re: Simplifying IKE

From: Dan McDonald <danmcd@East.Sun.COM>

Re: Simplifying IKE

From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: Re: IKE must have no Heirs
Next by Date: RE: IKE must have no Heirs
Prev by thread: Re: Simplifying IKE
Next by thread: Re: Simplifying IKE
Index(es):
- Main
- Thread