RE: I-D ACTION:draft-ietf-ipsec-rfc2402bis-01.txt
Hi all,
Yes, this is a key issue in supporting dynamic routing inside IPsec-based VPNs. Applying IP-in-IP encapsulation (RFC 2003) before transport mode results in a packet which is the same as tunnel mode (satisfying any security issues), BUT allows routing (i.e., setting the encapsulating destination address to the known next-IPsec-hop) to be handled cleanly.
Regards,
Paul Knight
> -----Original Message-----
> From: Joe Touch [mailto:touch@ISI.EDU]
> Sent: Wednesday, July 03, 2002 12:21 PM
> To: ipsec@lists.tislabs.com
> Subject: Re: I-D ACTION:draft-ietf-ipsec-rfc2402bis-01.txt
>
>
> Internet-Drafts@ietf.org wrote:
> > A New Internet-Draft is available from the on-line
> > Internet-Drafts directories.
> > This draft is a work item of the IP Security Protocol
> > Working Group of the IETF.
> >
> > Title     : IP Authentication Header
> > Author(s) : S. Kent
> > Filename  : draft-ietf-ipsec-rfc2402bis-01.txt
> > Pages     : 30
> > Date      : 02-Jul-02
>
> Hi, all,
>
> To start the discussion off, we'd certainly appreciate having section
> 3.1.2 at least say "MUST use tunnel mode or its equivalent, i.e.,
> transport over 2003-style IP encapsulation".
>
> We have raised this issue before; details of why are in
> draft-touch-ipsec-vpn-03.txt
>
> (and we're hoping that 2401bis more directly addresses this issue).
>
> Joe
>
>
>
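
The equivalence discussed in this message, as an added example that is not part of the original thread: it builds an AH-protected IPv4 packet once in tunnel mode and once as RFC 2003 IP-in-IP followed by transport mode, and compares the bytes on the wire. The addresses, key, SPI and sequence number are constructed, and HMAC-SHA1-96 as the ICV algorithm is an assumption.

```python
import hashlib, hmac, socket, struct

AH, IPIP = 51, 4  # IP protocol numbers: AH, IP-in-IP (RFC 2003)

def checksum(b):
    s = sum(struct.unpack("!%dH" % (len(b) // 2), b))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src, dst, proto, payload, ttl=64):
    """20-byte IPv4 header (no options, ID 0) followed by payload."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                    proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:] + payload

def ah(ip_hdr, next_hdr, payload, key, spi, seq):
    """24-byte AH; ICV covers the IP header with mutable fields zeroed."""
    blank = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + bytes(12)
    # Zero TOS, flags/fragment offset, TTL and header checksum before the MAC.
    fixed = (ip_hdr[:1] + b"\0" + ip_hdr[2:6] + b"\0\0\0" + ip_hdr[9:10]
             + b"\0\0" + ip_hdr[12:])
    icv = hmac.new(key, fixed + blank + payload, hashlib.sha1).digest()[:12]
    return blank[:12] + icv

def tunnel_mode(inner, src, dst, key, spi, seq):
    """Tunnel mode: new outer header, AH (next header 4), whole inner packet."""
    outer = ipv4(src, dst, AH, bytes(24) + inner)[:20]
    return outer + ah(outer, IPIP, inner, key, spi, seq) + inner

def transport_mode(pkt, key, spi, seq):
    """Transport mode: AH inserted between the existing header and payload."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    ttl, proto, upper = pkt[8], pkt[9], pkt[20:]
    hdr = ipv4(src, dst, AH, bytes(24) + upper, ttl)[:20]
    return hdr + ah(hdr, proto, upper, key, spi, seq) + upper

def demo():
    key, spi, seq = b"constructed-demo-key", 0x1000, 1  # constructed values
    inner = ipv4("10.1.0.5", "10.2.0.9", 17, b"constructed payload!")
    a = tunnel_mode(inner, "192.0.2.1", "198.51.100.7", key, spi, seq)
    # Encapsulate first (outer destination chosen by routing), then protect.
    ipip = ipv4("192.0.2.1", "198.51.100.7", IPIP, inner)
    return a, transport_mode(ipip, key, spi, seq), inner

if __name__ == "__main__":
    a, b, _ = demo()
    print("identical on the wire:", a == b)
```

The two packets differ only in which component chose the outer destination address: the SA in tunnel mode, the routing step before IPsec in the encapsulate-then-transport case.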