[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bidding down attach on NAT-T

"jpickering@creeksidenet.com" <jpickering@creeksidenet.com> writes:

> Just a reminder that there are many non-VPN uses for IKE2, such as RPSec's
> interest to use IKE/IPSec to secure routing protocols. Such use does
> not require
> NAT.

Sure, but just because some uses don't require a feature does not
imply that it shouldn't be a "MUST."  For example, VPNs don't use AH,
but AH is still a MUST.  Similarly, if NAT-T is defined as "MUST
implement if you support ipv4", it does not imply that you have to
_USE_ NAT-T.

Just a reminder that "must implement" does not imply "must use."

> Regards,
> Jeff

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com