[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 2401bis issues (possible) resolution
Angelos D. Keromytis writes:
> Right --- the mods Joe suggested seem acceptable.
I think we then should create new issue to issue tracker, with that
proposed text, so we can accept that and reject this?
>> That is where 2401bis could be clarified, as per (e.g.) the mods I
>> suggested in that earlier post.
>>> It might be more specific to indicate that:
>>>
>>> For traffic originating or terminating at a gateway, that gateway
>>> MUST support the functions of an IPsec host. In particular,
>>> traffic originating or terminating at that gateway that is
>>> tunneled over non-IPsec mechanisms (e.g, RFC2003) MAY use
>>> transport mode. A gateway that originates or terminates packets
>>> tunneled over non-IPsec mechanisms, for the purposes of that
>>> tunnel, MUST follow the IPsec host requirements rather than the
>>> IPsec gateway requirements.
--
kivinen@ssh.fi
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/