IETF Logo Mail Archive

Re: addresses and IKEv2

Lars Eggert <larse@ISI.EDU> Fri, 17 May 2002 13:16 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4HDG3L27208; Fri, 17 May 2002 06:16:03 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id IAA10314 Fri, 17 May 2002 08:23:54 -0400 (EDT)
Message-ID: <3CE438E1.9060302@isi.edu>
Date: Thu, 16 May 2002 15:55:29 -0700
From: Lars Eggert <larse@ISI.EDU>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.9) Gecko/20020404
X-Accept-Language: en-us, de-de
MIME-Version: 1.0
To: Michael Thomas <mat@cisco.com>
CC: Charlie_Kaufman@notesdev.ibm.com, Francis Dupont <Francis.Dupont@enst-bretagne.fr>, ipsec@lists.tislabs.com
Subject: Re: addresses and IKEv2
References: <OFCCFB056D.82A15BB8-ON85256BBA.00077AE2-85256BBA.000EE666@iris.com> <15588.13017.673564.786273@thomasm-u1.cisco.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="------------ms060904090009040106010005"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

Michael Thomas wrote:
> Like Francis I suspect, there's a lot to be gained
> for mobility if we separate routing tags from
> identity. In particular, it would be very, very
> advantageous to be able to create a tunnel where
> the outer routing tag is irrelevant so long as the
> inner payloads/integrity all check out.

Isn't this accomplished by end-to-end transport mode IPsec that goes 
through an unsecured IPIP tunnel?

Lars
-- 
Lars Eggert <larse@isi.edu>           USC Information Sciences Institute

v2.40.4 | Report a Bug | By Email | System Status