RE: Re[2]: PPP over IPSec (without L2TP)?
Stephen Kent <kent@bbn.com> Sat, 16 October 1999 00:12 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id RAA06864; Fri, 15 Oct 1999 17:12:54 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id SAA07183 Fri, 15 Oct 1999 18:50:59 -0400 (EDT)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: kent@po1.bbn.com
Message-Id: <v04020a0ab42d4d893d9f@[171.78.6.226]>
In-Reply-To: <19991015174030.14188.rocketmail@web1403.mail.yahoo.com>
Date: Fri, 15 Oct 1999 18:45:05 -0400
To: Pyda Srisuresh <srisuresh@yahoo.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: Re[2]: PPP over IPSec (without L2TP)?
Cc: aboba@internaut.com, ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Pyda, >User vs. Machine authentication is really a key management protocol >issue (i.e., IKE) - somewhat orthogonal to IPsec architecture (RFC 2401). RFC 2401 defines ID types that must be supported in the SPD, and which are aligned with IKE ID payload types. These ID types include X.500 DNs, that can certainly be used to identify users, and RFC 821 names, which are specifically user IDs (vs. the DNS ID type, which is designated for machines). So I disagree with your assertion that this is purely a key management protocol issue. I do agree that protocols such as XAUTH demonstrate a clear intent to authenticate users, not just machines, but IKE and 2401 make definite statements to that effect already. Steve
- PPP over IPSec (without L2TP)? Ari Huttunen
- RE: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Shriver, John
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[6]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[4]: PPP over IPSec (without L2TP)? Jim Tiller
- RE: Re[4]: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Bernard Aboba
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re: PPP over IPSec (without L2TP)? Paul Koning
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen