Re[2]: PPP over IPSec (without L2TP)?
Stephen Kent <kent@bbn.com> Thu, 14 October 1999 19:03 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id MAA25645; Thu, 14 Oct 1999 12:03:43 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id NAA29770 Thu, 14 Oct 1999 13:14:11 -0400 (EDT)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: kent@po1.bbn.com
Message-Id: <v04020a09b42bbeb0e1b5@[171.78.6.226]>
In-Reply-To: <6537.991014@ins.com>
References: <392A357CE6FFD111AC3E00A0C99848B001D6A3CA@hdsmsx31.hd.intel.com> <392A357CE6FFD111AC3E00A0C99848B001D6A3CA@hdsmsx31.hd.intel.com>
Date: Thu, 14 Oct 1999 13:17:27 -0400
To: Jim Tiller <tiller_j@ins.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re[2]: PPP over IPSec (without L2TP)?
Cc: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Jim,

IPsec operates at layer 3, not 4, although we do cheat a bit. When one runs L2TP over IPsec, one loses the ability to perform fine-grained access control as part of IPsec, which is an important aspect of the security provided by IPsec. This problem arises because an IPsec receiver examines the "appropriate" IP header to make the access control decision. However, when there is an intervening protocol layer, e.g., L2TP (or PPP), this check cannot be performed. Note that once the packet exits the IPsec processing, one cannot tie it to the SA via which it was received, and thus any later access control checks are not nearly as effective as what can be done within IPsec per se.

This has been a bone of contention between some of us in the IPsec WG and the folks who produced the L2TP spec, calling for the use of IPsec with L2TP. I fought over the wording of the text re the security benefits that accrue when the two protocols are used together, but achieved only a partial victory, i.e., I prevented the RFC from making grossly misleading claims about security under these circumstances. The bottom line is that L2TP imposes no requirements on implementations to offer the same sort of fine-grained access control that IPsec mandates. Moreover, once the binding of a packet to an SA is lost, it is impossible to provide the same level of security features and assurance for access control.

I agree that more work needs to be done to provide all of the necessary routing and configuration facilities for some classes of VPN users with IPsec. However, it is not accurate to suggest that using L2TP over IPsec provides as good a level of security as will be achieved through appropriate use (perhaps with added options) of IPsec in a native mode.

Steve
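The access-control point in the message above, as an added example that is not part of the original post or of any IPsec implementation: a small model of the inbound check an IPsec receiver performs, run on constructed packets. In native tunnel mode the IP header directly under ESP is the real inner header, so the SA's selectors (source, destination, protocol, port) decide whether the packet is delivered. With L2TP over IPsec the header under ESP is only UDP/1701 between the two endpoints; the real inner header sits behind L2TP and PPP, so the most specific selector IPsec can apply is "UDP 1701 between these two addresses", and anything inside passes. After L2TP/PPP decapsulation the inner packet emerges with no record of which SA carried it. The packet builders are deliberately simplified (no checksums, an 8-byte transport prefix, a minimal L2TP/PPP header), the selector sets are hypothetical, and the addresses are documentation ranges; all of that is this example's assumption.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Selector:
    """Hypothetical SA traffic selectors: what this SA is permitted to deliver."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: int                 # 6 = TCP, 17 = UDP
    dst_port: Optional[int]    # None = any port


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Constructed minimal IPv4 header (no options, checksum left zero) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def transport(src_port: int, dst_port: int, payload: bytes = b"") -> bytes:
    """Constructed 8-byte transport prefix (ports first, as in both TCP and UDP)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def parse(pkt: bytes):
    """Return (src, dst, proto, dst_port, transport payload) for packets built above."""
    ihl = (pkt[0] & 0x0F) * 4
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    proto = pkt[9]
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] if proto in (6, 17) else None
    return src, dst, proto, dst_port, pkt[ihl + 8:]


def sa_check(sel: Selector, decrypted: bytes) -> bool:
    """The inbound IPsec access-control check: the IP header directly under ESP
    must match the selectors of the SA the packet arrived on."""
    src, dst, proto, dst_port, _ = parse(decrypted)
    return (src in sel.src and dst in sel.dst and proto == sel.proto
            and (sel.dst_port is None or dst_port == sel.dst_port))


# Constructed L2TP data header (flags/version, tunnel ID, session ID) + PPP protocol 0x0021 (IPv4).
L2TP_PPP = struct.pack("!HHH", 0x0002, 1, 1) + b"\x00\x21"


def l2tp_encap(inner: bytes, gw_a: str, gw_b: str) -> bytes:
    """What ESP carries in L2TP-over-IPsec: outer IP / UDP 1701 / L2TP / PPP / inner IP."""
    return ipv4(gw_a, gw_b, 17, transport(1701, 1701, L2TP_PPP + inner))


def l2tp_decap(outer: bytes) -> bytes:
    """The L2TP/PPP layer strips its headers; the SA the packet arrived on is not carried along."""
    return parse(outer)[4][len(L2TP_PPP):]


def native_tunnel_demo() -> dict:
    """Native tunnel mode: IPsec sees the real inner header, so the SA's selectors bite."""
    sel = Selector(ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("10.1.0.5/32"), 6, 22)
    allowed = ipv4("192.0.2.7", "10.1.0.5", 6, transport(40000, 22))     # SSH to the permitted host
    forbidden = ipv4("192.0.2.7", "10.1.0.99", 6, transport(40000, 23))  # telnet to another host
    return {"allowed": sa_check(sel, allowed), "forbidden": sa_check(sel, forbidden)}


def l2tp_over_ipsec_demo() -> dict:
    """L2TP over IPsec: the only header IPsec can check is UDP/1701 between the endpoints."""
    sel = Selector(ipaddress.ip_network("198.51.100.1/32"), ipaddress.ip_network("203.0.113.1/32"), 17, 1701)
    allowed = ipv4("192.0.2.7", "10.1.0.5", 6, transport(40000, 22))
    forbidden = ipv4("192.0.2.7", "10.1.0.99", 6, transport(40000, 23))
    results = {}
    for name, inner in (("allowed", allowed), ("forbidden", forbidden)):
        carried = l2tp_encap(inner, "198.51.100.1", "203.0.113.1")
        results[name] = sa_check(sel, carried)                 # both pass: IPsec only sees UDP/1701
        results[name + "_after_decap"] = l2tp_decap(carried) == inner  # inner packet emerges unchecked
    return results


if __name__ == "__main__":
    print("native tunnel mode:", native_tunnel_demo())
    print("L2TP over IPsec:   ", l2tp_over_ipsec_demo())
```

In the native case the telnet packet to 10.1.0.99 is dropped by the IPsec layer itself; in the L2TP case the same packet passes the SA check and is handed to the L2TP/PPP code, which then has to apply its own policy without knowing which SA delivered it. Any filter placed after decapsulation can look only at the inner header, not at who authenticated the packet.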
- PPP over IPSec (without L2TP)? Ari Huttunen
- RE: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Shriver, John
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[6]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[4]: PPP over IPSec (without L2TP)? Jim Tiller
- RE: Re[4]: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Bernard Aboba
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re: PPP over IPSec (without L2TP)? Paul Koning
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen