[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 RH (was Re: SPD issues)

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: IPv6 RH (was Re: SPD issues)
From: Bill Sommerfeld <sommerfeld@east.sun.com>
Date: Tue, 28 Oct 2003 11:35:33 -0500
cc: Henry Spencer <henry@spsystems.net>, IP Security List <ipsec@lists.tislabs.com>
In-Reply-To: Your message of "Tue, 28 Oct 2003 10:48:56 +0100." <200310280948.h9S9muHN085599@givry.rennes.enst-bretagne.fr>
Reply-to: sommerfeld@east.sun.com
Sender: owner-ipsec@lists.tislabs.com

> => we should make a distinction between a filtering mechanism and what is
> sold as a firewall

Any attempt to draw a clear distinction between "packet filtering" and
"firewall" will be doomed to failure.  

In this case, if you can subvert the intent of IPsec by adding routing
headers to packets, then we should consider independantly whether it
makes sense to add the ability to filter them to the SPD, not on
whether this is "packet filtering" or "firewalling"..


						- Bill

References:
- Re: IPv6 RH (was Re: SPD issues)
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: I-D ACTION:draft-ietf-ipsec-ciph-camellia-01.txt
Next by Date: RE: 3rd try -- 2401bis issue 91 -- handling ICMP error messages
Prev by thread: Re: IPv6 RH (was Re: SPD issues)
Next by thread: Re: IPv6 RH (was Re: SPD issues)
Index(es):
- Date
- Thread