RE: [Ipsec] big IKE packets

["Yoav Nir" <ynir@checkpoint.com>]

Perish the thought.  Then some smart firewall will drop your IKE because it
does not look like HTTP, so it's either a worm or file-sharing.

Better use HTTPS.  Nobody understands SSL  :-) 

-----Original Message-----
From: Francis.Dupont@enst-bretagne.fr
[mailto:Francis.Dupont@enst-bretagne.fr] 
Sent: Thursday, September 02, 2004 11:37 AM
To: Yoav Nir
Cc: ipsec@lists.tislabs.com; 'Michael Richardson'; 'Paul Hoffman / VPNC';
pki4ipsec@honor.icsalabs.com
Subject: Re: [Ipsec] big IKE packets 

 In your previous mail you wrote:

   Those stupid DSL routers know (sort-of) how to deal with TCP.  They can
live
   with UDP (as long as it does not need fragmentation).  They usually drop
   ICMP, ESP and AH.  I wouldn't trust them to pass SCTP. 
   
=> if I understand you well, you argue for IKE over HTTP (:-)?

Regards
   
Francis.Dupont@enst-bretagne.fr


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec