[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec in tunnel mode and dynamic routing

To: Stephen Kent <kent@bbn.com>
Subject: Re: ipsec in tunnel mode and dynamic routing
From: Joe Touch <touch@ISI.EDU>
Date: Fri, 30 Nov 2001 14:03:00 -0800
CC: ipsec@lists.tislabs.com
References: <20011119193857.6C4687B55@berkshire.research.att.com> <3BF987FB.7070908@isi.edu> <p05010409b82d796af8f9@[128.89.88.34]> <3C07CF58.4070802@isi.edu> <p05010412b82db0ccfc4c@[128.89.88.34]>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2

Stephen Kent wrote:

> 
> 2401 requires that the SA binding be maintained only within the IPsec 
> implementation. I understood your comments to suggest something else, 
> e.g., a separate firewall module not part of IPsec.  If I misunderstood, 
> I apologize.

We want the SA is kept outside the IPsec, so that packets that pass 
through other modules in the meantime will retain their SA, e.g., Sec 8.4.

Joe

Follow-Ups:

Re: ipsec in tunnel mode and dynamic routing

From: Stephen Kent <kent@bbn.com>

References:

Re: ipsec in tunnel mode and dynamic routing

From: "Steven M. Bellovin" <smb@research.att.com>

Re: ipsec in tunnel mode and dynamic routing

From: Joe Touch <touch@ISI.EDU>

Re: ipsec in tunnel mode and dynamic routing

From: Stephen Kent <kent@bbn.com>

Re: ipsec in tunnel mode and dynamic routing

From: Joe Touch <touch@ISI.EDU>

Re: ipsec in tunnel mode and dynamic routing

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: On shared keys (was RE: SOI: identity protection and DOS)
Next by Date: RE: On shared keys (was RE: SOI: identity protection and DOS)
Prev by thread: Re: ipsec in tunnel mode and dynamic routing
Next by thread: Re: ipsec in tunnel mode and dynamic routing
Index(es):
- Main
- Thread