
Re: Son-of-IKE Performance



At 11:41 AM 12/12/2001 +0200, Ari Huttunen wrote:
>Alex Alten wrote:
>> 
>> At 10:59 PM 12/7/2001 -0500, Steven M. Bellovin wrote:
>> >In message <001a01c17f9b$6d251610$1e72788a@andrewk3.ca.newbridge.com>,
>> >"Andrew Krywaniuk" writes:
>> >>
>> >>Here's a question. Have the authors of JFK given any thought to how (if?)
>> >>they will incorporate NAT-traversal? With IKEv2, the already completed
>> >>drafts from IKEv1 can be presumably carried forward.
>> >
>> >JFK doesn't rely on IP addresses at all -- it can pass through NATs
>> >just fine.
>> >
>> 
>> Wow!  Now I am interested in reading the draft.  Since IP addresses are so
>> ephemeral and insecure, this, if designed correctly, would be a fundamental
>> step forward.
>
>IKEv1 also goes through NATs just fine when you don't use IP address based
>identities; it's ESP and AH that don't.
>

RATS!  I forgot about them.

- Alex

>
>
--

Alex Alten
Alten@NetVista.Com


