[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2401bis issues (possible) resolution

To: Tero Kivinen <kivinen@ssh.fi>
Subject: Re: 2401bis issues (possible) resolution
From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Date: Sat, 11 Oct 2003 13:37:44 -0400
Cc: Joe Touch <touch@ISI.EDU>, Eric Vyncke <evyncke@cisco.com>, ipsec@lists.tislabs.com
In-reply-to: Your message of "Thu, 09 Oct 2003 21:27:18 +0300." <16261.43142.238298.551445@ryijy.hel.fi.ssh.com>
Sender: owner-ipsec@lists.tislabs.com


Done.

In message <16261.43142.238298.551445@ryijy.hel.fi.ssh.com>, Tero Kivinen write
s:
>Angelos D. Keromytis writes:
>> Right --- the mods Joe suggested seem acceptable.
>
>I think we then should create new issue to issue tracker, with that
>proposed text, so we can accept that and reject this?
>
>>> That is where 2401bis could be clarified, as per (e.g.) the mods I 
>>> suggested in that earlier post.
>
>>>> It might be more specific to indicate that:
>>>>
>>>> For traffic originating or terminating at a gateway, that gateway
>>>> MUST support the functions of an IPsec host. In particular,
>>>> traffic originating or terminating at that gateway that is
>>>> tunneled over non-IPsec mechanisms (e.g, RFC2003) MAY use
>>>> transport mode. A gateway that originates or terminates packets
>>>> tunneled over non-IPsec mechanisms, for the purposes of that
>>>> tunnel, MUST follow the IPsec host requirements rather than the
>>>> IPsec gateway requirements. 
>-- 
>kivinen@ssh.fi
>SSH Communications Security                  http://www.ssh.fi/
>SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

References:
- Re: 2401bis issues (possible) resolution
  - From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: IKEv2 documents ready for IETF wide last call
Next by Date: Issue #81: Handling outbound red fragments
Prev by thread: Re: 2401bis issues (possible) resolution
Next by thread: Re: 2401bis issues (possible) resolution
Index(es):
- Date
- Thread