[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bidding down attach on NAT-T
This seems like such an imaginary problem. I mean, what are you going to do
to prevent it? An international registry of authorized NATs? Bring back
strick source routing?
A while back when I was working on keepalives, people used to complain that
the protocol was insecure because the intermediate router could simply drop
the keepalive packets, thus making the link appear dead. To which I replied
sure, but they could also just drop all the packets, making the link really
dead.
IPsec is supposed to be secure communication over an insecure medium. Let's
try to work within that scope.
Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail