[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Ipsec] big IKE packets
Perish the thought. Then some smart firewall will drop your IKE because it
does not look like HTTP, so it's either a worm or file-sharing.
Better use HTTPS. Nobody understands SSL :-)
-----Original Message-----
From: Francis.Dupont@enst-bretagne.fr
[mailto:Francis.Dupont@enst-bretagne.fr]
Sent: Thursday, September 02, 2004 11:37 AM
To: Yoav Nir
Cc: ipsec@lists.tislabs.com; 'Michael Richardson'; 'Paul Hoffman / VPNC';
pki4ipsec@honor.icsalabs.com
Subject: Re: [Ipsec] big IKE packets
In your previous mail you wrote:
Those stupid DSL routers know (sort-of) how to deal with TCP. They can
live
with UDP (as long as it does not need fragmentation). They usually drop
ICMP, ESP and AH. I wouldn't trust them to pass SCTP.
=> if I understand you well, you argue for IKE over HTTP (:-)?
Regards
Francis.Dupont@enst-bretagne.fr
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec