[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Should CPE allow all IPsec through? Was: Re: CPEs

To: "'Iljitsch van Beijnum'" <iljitsch@muada.com>, "'Bound, Jim'" <jim.bound@hp.com>
Subject: RE: Should CPE allow all IPsec through? Was: Re: CPEs
From: "Dan Wing" <dwing@cisco.com>
Date: Tue, 8 Jan 2008 12:00:38 -0800
Cc: "'IPv6 Operations'" <v6ops@ops.ietf.org>
In-reply-to: <A2C0EB1B-2180-400B-A62E-6A5457156097@muada.com>
References: <58BFC685-DA33-418A-A37A-9075509987D4@muada.com> <1AB21F94DA6EEF459F10770655443339221789E421@G5W0274.americas.hpqcorp.net> <A2C0EB1B-2180-400B-A62E-6A5457156097@muada.com>

> However, this does seem to be an attractive option in the sense that  
> it allows for a way to have peer-to-peer communication 
> without giving  
> up security. It would probably still need some selling to some  
> security-conscious groups, but a good argument there would be that  
> there is no reasonable way that an attacker could get 
> anywhere without  
> first negotiating a security association, but if we don't implement  
> this, that simply means applications will use less secure 
> peer-to-peer mechanisms.

Or that those less secure peer-to-peer applications will run
over UDP/500 and protocol 50.

-d

Follow-Ups:
- Re: Should CPE allow all IPsec through? Was: Re: CPEs
  - From: james woodyatt <jhw@apple.com>

References:
- CPEs
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: CPEs
  - From: "Bound, Jim" <Jim.Bound@hp.com>
- Should CPE allow all IPsec through? Was: Re: CPEs
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: CPEs
Next by Date: Re: Should CPE allow all IPsec through? Was: Re: CPEs
Previous by thread: RE: Should CPE allow all IPsec through? Was: Re: CPEs
Next by thread: Re: Should CPE allow all IPsec through? Was: Re: CPEs
Index(es):
- Date
- Thread