[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: Son of IKE: A proposal for moving forward

To: sommerfeld@east.sun.com
Subject: Re: Fwd: Re: Son of IKE: A proposal for moving forward
From: Paul Koning <pkoning@equallogic.com>
Date: Thu, 13 Jun 2002 17:45:12 -0400
Cc: henry@spsystems.net, ipsec@lists.tislabs.com
References: <Pine.BSI.3.91.1020613141449.16839C-100000@spsystems.net><200206131904.g5DJ4YZs004605@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

Excerpt of message (sent 13 June 2002) by Bill Sommerfeld:
> > There is no reason why the two trusted "networks" can't be single hosts --
> > that's just a degenerate case.  It involves both minor complications and
> > minor simplifications, and is, as Paul said, a common VPN situation. 
> 
> there are certain obvious scaling problems with this approach.
> 
> direct use of transport mode is likely to be easier to manage, require
> fewer addresses, and be simpler with large numbers of hosts.

Tunnel mode does not *require* more addresses than transport mode --
though it allows them.

       paul

References:
- Re: Fwd: Re: Son of IKE: A proposal for moving forward
  - From: Henry Spencer <henry@spsystems.net>
- Re: Fwd: Re: Son of IKE: A proposal for moving forward
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: Fwd: Re: Son of IKE: A proposal for moving forward
Next by Date: Re: Son of IKE: A proposal for moving forward
Prev by thread: Re: Fwd: Re: Son of IKE: A proposal for moving forward
Next by thread: RE: Son of IKE: A proposal for moving forward
Index(es):
- Date
- Thread