[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: addresses and IKEv2

To: Lars Eggert <larse@ISI.EDU>
Subject: Re: addresses and IKEv2
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Fri, 17 May 2002 11:53:32 +0200
cc: Michael Thomas <mat@cisco.com>, Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
In-reply-to: Your message of Thu, 16 May 2002 15:55:29 PDT. <3CE438E1.9060302@isi.edu>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   > Like Francis I suspect, there's a lot to be gained
   > for mobility if we separate routing tags from
   > identity. In particular, it would be very, very
   > advantageous to be able to create a tunnel where
   > the outer routing tag is irrelevant so long as the
   > inner payloads/integrity all check out.

   Isn't this accomplished by end-to-end transport mode IPsec that goes 
   through an unsecured IPIP tunnel?

=> unfortunately this is the opposite because transport mode in IPIP
knows *only* the outer header.

Thanks

Francis.Dupont@enst-bretagne.fr

PS: my favourite question to IPsec people was "is your IPv6 tunnel mode
an interface?" I *never* got a really sensible answer (:-)...

Follow-Ups:
- Re: addresses and IKEv2
  - From: Lars Eggert <larse@ISI.EDU>

References:
- Re: addresses and IKEv2
  - From: Lars Eggert <larse@ISI.EDU>

Prev by Date: Re: addresses and IKEv2
Next by Date: RE: ike-modp-groups-04
Prev by thread: Re: addresses and IKEv2
Next by thread: Re: addresses and IKEv2
Index(es):
- Date
- Thread