
Re: Modefg considered harmful
At 04:55 PM 2/3/2003 -0500, Stephen Kent wrote:
>In 2401bis, we plan on de-coupling route selection from SA selection, by 
>having an explicit lookup for routing performed prior to SA selection, and 
>then passing along a virtual interface ID as part of the SA selection 
>process.  This is something that was discussed among a set of folks 
>interested in PPVPN and overlay nets over the last several months. If 
>adopted, this would make it easier to accommodate the sort of full-fledged 
>routing participation that you allude to.


I fear that this is straying from the scope of the ipsec working group to 
something much larger. As you point out, there is no infrastructure in the 
Internet to verify that either a route or its advertiser is authentic. 
Specification of a virtual interface ID is implementation-specific.

I want to understand more of the concern here. Is the concern that ipsec 
SAs are being used to route traffic, or that, due to the uncontrolled routing, 
some packets that should be secured are going in the clear because of the wrong 
interface selection?

Can you please elaborate on the reasoning behind this concern and verbiage?

Thanks

Bora