Re: revised IPsec processing model

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "itojun" == itojun  <itojun@iijlab.net> writes:
    >>> incompatible with IPv6 linklocal address (by changing inbound
    >>> interface for a packet, i.e.  m->m_pkthdr.rcvif in BSD, you change
    >>> the scope zone).  therefore i object to apply "virtual interface"
    >>> concept to transport mode.

    >> There is no plan to remove tunnel mode from the spec. The plan was to
    >> apply this model for both transport and tunnle modes.

    itojun> in that case, i would like to express concern w/ IPv6 linklocal
    itojun> address (the latter paragraph of mine).

  There is a disconnect here.

  Having a "virtual interface" model, does not mean that you have to have
an actual virtual address. 

]                   At IETF57 in Wien, Austria                  |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] printk("Just another Debian GNU/Linux using, kernel hacking, security guy");[



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPxfLQYqHRg3pndX9AQGoFAQAr6tGh2UxPGoP2vf1SB1U7KOA9ZYqIqNe
NGuaVmgjxjazWQNGAjG4bX6ZpoKBnYTgFDETfcc+s8q+0PC0sfvYyiuZcTtr3K0l
0dnSU9H+oEWCNnm56vlqZLSAaRvlcFUYD2XLKARZ1xtQ0xXhGc8lgJC2HYqFg9T4
10jOsGZDIr4=
=UWuT
-----END PGP SIGNATURE-----