[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: revised IPsec processing model

To: Stephen Kent <kent@bbn.com>
Subject: Re: revised IPsec processing model
From: itojun@iijlab.net
Date: Fri, 18 Jul 2003 16:35:37 +0900
Cc: ipsec@lists.tislabs.com
In-reply-to: kent's message of Fri, 18 Jul 2003 03:28:12 -0400. <p05200f00bb3d51df74c7@[10.112.47.42]>
Sender: owner-ipsec@lists.tislabs.com

>At 13:57 +0900 7/18/03, itojun@iijlab.net wrote:
>>  >Here is the new, proposed processing model for IPsec.  Comments
>>>welcome, of course.
>>
>>	the text is a bit unclear whether it is talking about transport mode
>>	or tunnel mode.
>>
>>	"virtual interface" is for tunnel mode only, am i right?  if so,
>>	you can now remove tunnel mode from FFC2401 - there are bunch of
>>	tunnel specification available (like RFC2893, RFC1853, RFC2003)
>>	and tunnel mode will be replaced by "transport mode + tunnelling".
>>	i love to see the change.
>>
>>	if "virtual interface" is used also for transport mode, it will be
>>	incompatible with IPv6 linklocal address (by changing inbound interface
>>	for a packet, i.e.  m->m_pkthdr.rcvif in BSD, you change the scope
>>	zone).  therefore i object to apply "virtual interface" concept
>>	to transport mode.
>
>There is no plan to remove tunnel mode from the spec. The plan was to 
>apply this model for both transport and tunnle modes.

	in that case, i would like to express concern w/ IPv6 linklocal address
	(the latter paragraph of mine).

itjoun

Follow-Ups:
- Re: revised IPsec processing model
  - From: Stephen Kent <kent@bbn.com>
- Re: revised IPsec processing model
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:
- Re: revised IPsec processing model
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: revised IPsec processing model
Next by Date: Fwd: Certicom IP Rights
Prev by thread: Re: revised IPsec processing model
Next by thread: Re: revised IPsec processing model
Index(es):
- Date
- Thread