RE: Re[2]: PPP over IPSec (without L2TP)?

"Bernard Aboba" <aboba@internaut.com> Fri, 15 October 1999 01:42 UTC

Reply-To: aboba@internaut.com
From: Bernard Aboba <aboba@internaut.com>
To: 'Stephen Kent' <kent@bbn.com>, 'Jim Tiller' <tiller_j@ins.com>
Cc: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Subject: RE: Re[2]: PPP over IPSec (without L2TP)?
Date: Thu, 14 Oct 1999 17:05:13 -0700

Please.

We went through this issue in the L2TP draft and your proposed
wording was rejected. No "misleading claims" were
included in the original draft, and in fact it was your proposed
wording that was rejected as misleading. Let's not go
rewriting history. 

In L2TP it is perfectly possible to apply
filters to achieve the same level of security. In fact, if
anything the argument went the other way -- because L2TP
does user authentication, when run over IPSEC its security 
is stronger than that of IPSEC tunnel mode implementations
that only do machine authentication and therefore have no
idea who the user is.