[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bidding down attach on NAT-T

To: ipsec@lists.tislabs.com
Subject: Re: bidding down attach on NAT-T
From: "Andrew Krywaniuk" <askrywan@hotmail.com>
Date: Thu, 06 Mar 2003 20:01:14 -0500
Sender: owner-ipsec@lists.tislabs.com

This seems like such an imaginary problem. I mean, what are you going to do 
to prevent it? An international registry of authorized NATs? Bring back 
strick source routing?

A while back when I was working on keepalives, people used to complain that 
the protocol was insecure because the intermediate router could simply drop 
the keepalive packets, thus making the link appear dead. To which I replied 
sure, but they could also just drop all the packets, making the link really 
dead.

IPsec is supposed to be secure communication over an insecure medium. Let's 
try to work within that scope.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.


_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*   
http://join.msn.com/?page=features/junkmail

Follow-Ups:
- Re: bidding down attach on NAT-T
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: I-D ACTION:draft-ietf-ipsec-ikev2-tutorial-01.txt
Next by Date: Re: comments on ikev2 05 (cryptography)
Prev by thread: Re: bidding down attach on NAT-T
Next by thread: Re: bidding down attach on NAT-T
Index(es):
- Date
- Thread