Re: PPP over IPSec (without L2TP)?
Paul Koning <pkoning@xedia.com> Mon, 18 October 1999 19:41 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id MAA02939; Mon, 18 Oct 1999 12:41:43 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id LAA15703 Mon, 18 Oct 1999 11:20:37 -0400 (EDT)
Date: Mon, 18 Oct 1999 11:22:59 -0400
Message-Id: <199910181522.LAA08630@tonga.xedia.com>
From: Paul Koning <pkoning@xedia.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Ari.Huttunen@datafellows.com
Cc: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Subject: Re: PPP over IPSec (without L2TP)?
References: <00fe01bf16a0$f4ff1740$478939cc@internaut.com> <38070829.4F7AC3CA@DataFellows.com>
X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs Lucid
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
>>>>> "Ari" == Ari Huttunen <Ari.Huttunen@datafellows.com> writes: Ari> ... Ari> As to the re-ordering of packets by IPSec.. IPSec already does Ari> sequence numbers. It shouldn't be too difficult to define a new Ari> IPSec SA attribute negotiable by IKE that says "sequenced Ari> delivery of packets required". The recieving IPSec Ari> implementation would perhaps try to re-order packets during a Ari> few milliseconds or whatever, and drop packets that come after Ari> that. Yuck. Sure, it would be easy enough to add such an attribute, but adding the actual mechanism is quite another matter. Sequence protection doesn't belong in IP. It hasn't been there for 30 years, and it doesn't make sense to add it now. I very much doubt that you could get agreement to add such a thing as a mandatory capability (certainly I'd object loudly) or even as a recommended capability. paul
- PPP over IPSec (without L2TP)? Ari Huttunen
- RE: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Shriver, John
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[6]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[4]: PPP over IPSec (without L2TP)? Jim Tiller
- RE: Re[4]: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Bernard Aboba
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re: PPP over IPSec (without L2TP)? Paul Koning
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen