[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: Simplifying IKE
From: Henry Spencer <henry@spsystems.net>
Date: Wed, 8 Aug 2001 10:55:41 -0400 (EDT)
cc: ipsec@lists.tislabs.com
In-Reply-To: <200108081248.f78CmLu72505@givry.rennes.enst-bretagne.fr>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 8 Aug 2001, Francis Dupont wrote:
>    ...I believe the source route header is primarily used to see
>    what paths are broken in a network - using the process of elimination.

Actually, the source route header is increasingly frequently ignored (or
considered grounds for dropping the packet) by implementations, because of
its utility for various forms of attack. 

> PS: I am not in favor to reduce IPsec to VPNs, the thing which will happen
> if we remove AH then transport mode...

Can you explain that statement?  ESP tunnels can do everything AH or
transport mode can do, although sometimes at very slightly greater cost. 

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: Simplifying IKE

From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

References:

Re: Simplifying IKE

From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: RE: Simplifying IKE
Next by Date: Re: Re draft-kaufman-ipsec-improveike-00.txt
Prev by thread: Re: Simplifying IKE
Next by thread: Re: Simplifying IKE
Index(es):
- Main
- Thread