[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 2.3 Authentication styles



On Wed, 19 Jun 2002, Stephen Kent wrote:

> If the features are all in the same box, and SA information is used to
> maintain the binding between packets and the negotiated SAs, then that
> counts as an IPsec security gateway and we have no argument.
>
> Steve

So, the limited 'static packet filtering' in IPsec is optional (if the
binding can be maintained between the data source authentication and the
packet, untill the firewall does the access control checks).

>
> P.S.  You still have not answered my question, so I assume the answer
> is not one that supports your suggestion that IPsec delegate
> responsibility for remote access security to the L2TP WG.
>

In the L2TP+IPsec scenario the above observation was what we decided on
and I think we convinced you then too, that we have no argument.

That is why I beleive that there was no technical reason for rejecting the
L2TP+IPsec proposal. Did I miss anything else?

    chinna