[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2401bis issues (possible) resolution

To: angelos@cs.columbia.edu
Subject: Re: 2401bis issues (possible) resolution
From: itojun@itojun.org (Jun-ichiro itojun Hagino)
Date: Wed, 8 Oct 2003 12:44:48 +0900 (JST)
Cc: touch@ISI.EDU, ipsec@lists.tislabs.com
In-Reply-To: Your message of "Tue, 07 Oct 2003 19:07:35 -0400"<200310072307.h97N7ZHW018074@coredump.cs.columbia.edu>
References: <200310072307.h97N7ZHW018074@coredump.cs.columbia.edu>
Sender: owner-ipsec@lists.tislabs.com

> >It might be more specific to indicate that:
> >
> >For traffic originating or terminating at a gateway, that gateway MUST 
> >support the functions of an IPsec host. In particular, traffic 
> >originating or terminating at that gateway that is tunneled over 
> >non-IPsec mechanisms (e.g, RFC2003) MAY use transport mode. A gateway 
> >that originates or terminates packets tunneled over non-IPsec 
> >mechanisms, for the purposes of that tunnel, MUST follow the IPsec host 
> >requirements rather than the IPsec gateway requirements.
> >
> >Permitting the use of transport mode in this context goes specifically 
> >to the interaction between IPsec and RFC2003 tunnels, making it a 
> >protocol issue rather than merely an implementation issue.
> 
> This is a much more modest proposal than #50, which effectively allows a
> gateway to insert an ESP header on another IP packet without doing tunneling.

	i don't think Joe is suggesting insertion of ESP header in transit.

itojun

References:
- Re: 2401bis issues (possible) resolution
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>

Prev by Date: Re: 2401bis issues (possible) resolution
Next by Date: Re: 2401bis issues (possible) resolution
Prev by thread: Re: 2401bis issues (possible) resolution
Next by thread: Re: 2401bis issues (possible) resolution
Index(es):
- Date
- Thread