[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: addresses and IKEv2
In your previous mail you wrote:
> Like Francis I suspect, there's a lot to be gained
> for mobility if we separate routing tags from
> identity. In particular, it would be very, very
> advantageous to be able to create a tunnel where
> the outer routing tag is irrelevant so long as the
> inner payloads/integrity all check out.
Isn't this accomplished by end-to-end transport mode IPsec that goes
through an unsecured IPIP tunnel?
=> unfortunately this is the opposite because transport mode in IPIP
knows *only* the outer header.
Thanks
Francis.Dupont@enst-bretagne.fr
PS: my favourite question to IPsec people was "is your IPv6 tunnel mode
an interface?" I *never* got a really sensible answer (:-)...