ipsec June 2008 archive
ipsec: Re: [IPsec] First charter draft

From: Hui Deng <denghui02_at_nospam>
Date: Fri Jun 13 2008 - 15:21:48 GMT
To: "Julien Laganier" <julien.IETF@laposte.net>


Dear Julien,

Thanks for your comments; see inline.

2008/6/12 Julien Laganier <julien.IETF@laposte.net>:
> On Thursday 12 June 2008, Tero Kivinen wrote:
>> Julien Laganier writes:
>> > FWIW, it's the same when IPsec transport mode protection is applied
>> > to an IP-within-IP tunnel -- IPsec does not inspect the inner
>> > header, only the outer.
>>
>> Yes, and RFC4301 has warning about that:
>
> Yes, tunneled traffic escapes IPsec access control. The same applies if
> one configures IPsec transport mode to protect traffic sent from SRC to
> DST and protocol number GRE. And adding the GRE key as a traffic
> selector would not change the situation, as I'm arguing in another note
> on the topic.

Here the GRE key has been used for some special purpose; the incentive will be more than protection of the GRE protocol.

Thanks again.

-Hui



IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
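
An added illustration, not part of the thread and not code from any IPsec implementation: a simplified model of the transport-mode policy lookup discussed in the quoted text, where selectors are compared against the outer header only. The `gre_key` selector, the addresses, the class and function names, and the default-discard rule are assumptions of this model.

```python
from dataclasses import dataclass
from typing import Optional

GRE = 47  # IP protocol number for GRE

@dataclass(frozen=True)
class Packet:
    # Outer IP header fields, visible to a transport-mode policy lookup
    src: str
    dst: str
    proto: int
    gre_key: Optional[int]
    # Inner (encapsulated) header fields, carried as opaque payload
    inner_src: str
    inner_dst: str

@dataclass(frozen=True)
class SpdEntry:
    src: str
    dst: str
    proto: int
    action: str                    # "PROTECT", "BYPASS" or "DISCARD"
    gre_key: Optional[int] = None  # hypothetical extra selector; None = any

    def matches(self, p: Packet) -> bool:
        # Only outer-header fields are compared; inner_* is never read.
        return ((self.src, self.dst, self.proto) == (p.src, p.dst, p.proto)
                and (self.gre_key is None or self.gre_key == p.gre_key))

def spd_lookup(spd, p: Packet) -> str:
    """Return the action of the first matching entry; default is DISCARD."""
    for entry in spd:
        if entry.matches(p):
            return entry.action
    return "DISCARD"

# Constructed policies and packets (documentation and private address ranges).
SPD_PLAIN = [SpdEntry("192.0.2.1", "192.0.2.2", GRE, "PROTECT")]
SPD_KEYED = [SpdEntry("192.0.2.1", "192.0.2.2", GRE, "PROTECT", gre_key=7)]

EXPECTED = Packet("192.0.2.1", "192.0.2.2", GRE, 7, "10.0.0.5", "10.0.1.5")
UNEXPECTED = Packet("192.0.2.1", "192.0.2.2", GRE, 7, "10.0.0.5", "10.9.9.9")
OTHER_KEY = Packet("192.0.2.1", "192.0.2.2", GRE, 8, "10.0.0.5", "10.0.1.5")

def decisions(spd):
    """Lookup result for each constructed packet, in a fixed order."""
    return [spd_lookup(spd, p) for p in (EXPECTED, UNEXPECTED, OTHER_KEY)]
```

In this model the keyed policy separates tunnels by GRE key, but two packets with the same key and different inner destinations still receive the same decision.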