Francis Dupont wrote: > In your previous mail you wrote: > > > Like Francis I suspect, there's a lot to be gained > > for mobility if we separate routing tags from > > identity. In particular, it would be very, very > > advantageous to be able to create a tunnel where > > the outer routing tag is irrelevant so long as the > > inner payloads/integrity all check out. > > Isn't this accomplished by end-to-end transport mode IPsec that goes > through an unsecured IPIP tunnel? > > => unfortunately this is the opposite because transport mode in IPIP > knows *only* the outer header. I didn't mean a draft-touch-ipsec tunnel (this time :-), I meant this: | Tunnel IP Header:| Orig IP Header:| IPsec: | | | TSrc -> TDst | OSrc -> ODst | Transport Mode | Payload | I.e. just run IPsec end-to-end over a MobileIP (or other IPIP) tunnel. But there may be specifics to Mobile IP that I'm ignorant of... Lars -- Lars Eggert <larse@isi.edu> USC Information Sciences Institute
S/MIME Cryptographic Signature