[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure remote access with IPsec

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: Secure remote access with IPsec
From: Jari Arkko <jari.arkko@kolumbus.fi>
Date: Wed, 26 Mar 2003 00:38:21 +0200
Cc: Tero Kivinen <kivinen@ssh.fi>, ipsec@lists.tislabs.com
In-Reply-To: <200303252223.h2PMN6of079334@givry.rennes.enst-bretagne.fr>
References: <200303252223.h2PMN6of079334@givry.rennes.enst-bretagne.fr>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030211

Francis Dupont wrote:

> => your position is not sound: if you allow an update for
> a future movement ("Finally, ...") then the mandatory routability
> check won't work.

Oh, I am assuming the routability test is still done with the
new address. Just that the update source address can be chosen
freely (either old or new). Granted, if you send the update
you will have to be ready then or real soon to receive the test
packet. But at least implementations have some freedom to figure
out how to do this. And there are no specific reasons to prohibit
this.

Jari

References:
- Re: Secure remote access with IPsec
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: Re: Secure remote access with IPsec
Next by Date: Re: AES-based PRF for IKEv2
Prev by thread: Re: Secure remote access with IPsec
Next by thread: CP and DHCP/RADIUS slides
Index(es):
- Date
- Thread