[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on 2401bis-01 - Transport mode by SGs

To: ipsec@lists.tislabs.com
Subject: Re: comments on 2401bis-01 - Transport mode by SGs
From: Thor Lancelot Simon <tls@rek.tjls.com>
Date: Tue, 2 Mar 2004 21:55:36 -0500
In-reply-to: <5.2.0.9.0.20040302190635.020b4430@email>
References: <5.2.0.9.0.20040302190635.020b4430@email>
Reply-to: tls@rek.tjls.com
Sender: owner-ipsec@lists.tislabs.com
User-agent: Mutt/1.4.2.1i

On Tue, Mar 02, 2004 at 07:13:05PM -0500, Mark Duffy wrote:
> 
>                      ... transport mode MAY be used between security
>    gateways or between a security gateway and a host.  In the latter
>    case, transport mode may be used to support IP-in-IP [Per96] or GRE
>    tunneling [FaLiHaMeTr00] over transport mode SAs.
> 
> Even in the former case (SG to SG) shouldn't the use of transport mode be 
> limited to cases where some in-IP tunnelling mechanism is used?  But, it 
> might not be IP-and-IP or GRE; it could be L2TP, MPLS-in-IP, etc.  So I 
> suggest rewording this passage as follows:

Why forbid two security gateways from using transport mode to protect
other SG-to-SG traffic?

Follow-Ups:
- Re: comments on 2401bis-01 - Transport mode by SGs
  - From: Mark Duffy <mduffy@quarrytech.com>

References:
- comments on 2401bis-01 - Transport mode by SGs
  - From: Mark Duffy <mduffy@quarrytech.com>

Prev by Date: Re: IPsec -- new versions of AH and ESP
Next by Date: comments on 2401bis-01 - SPD, selectors
Previous by thread: comments on 2401bis-01 - Transport mode by SGs
Next by thread: Re: comments on 2401bis-01 - Transport mode by SGs
Index(es):
- Date
- Thread