[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure remote access with IPsec

To: Jari Arkko <jari.arkko@kolumbus.fi>
Subject: Re: Secure remote access with IPsec
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Tue, 25 Mar 2003 23:23:06 +0100
cc: Tero Kivinen <kivinen@ssh.fi>, ipsec@lists.tislabs.com
In-reply-to: Your message of Tue, 25 Mar 2003 22:45:43 +0200. <3E80BFF7.3080607@kolumbus.fi>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   Tero, your text looks good and I like this. I'm OK with
   notification approach. I also agree with your approach
   to require the routability test everytime. There are
   situations where you could avoid it, but imho SHOULD
   is the right keyword right now; folks that want to work
   out optimized signaling sequences can do the work on their
   or later to figure out in which cases you can actually
   leave it out. Finally, its good to allow the notification
   to be sent from either the old or the new address; the
   former may make sense when you know beforehand that you
   will move.
   
=> your position is not sound: if you allow an update for
a future movement ("Finally, ...") then the mandatory routability
check won't work.

Regards

Francis.Dupont@enst-bretagne.fr

PS: it is too soon to discuss this, the urgent stuff is to have
a good document for IKEv2 out, and we agreed to postpone the
explicit update mechanism.

Follow-Ups:
- Re: Secure remote access with IPsec
  - From: Jari Arkko <jari.arkko@kolumbus.fi>

References:
- Re: Secure remote access with IPsec
  - From: Jari Arkko <jari.arkko@kolumbus.fi>

Prev by Date: Re: Secure remote access with IPsec
Next by Date: Re: Secure remote access with IPsec
Prev by thread: Re: Secure remote access with IPsec
Next by thread: Re: Secure remote access with IPsec
Index(es):
- Date
- Thread