Re: PPP over IPSec (without L2TP)?
Ari Huttunen <Ari.Huttunen@datafellows.com> Mon, 18 October 1999 20:10 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id NAA03415; Mon, 18 Oct 1999 13:10:04 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id LAA15872 Mon, 18 Oct 1999 11:59:51 -0400 (EDT)
Message-ID: <380B44C1.F46C702F@DataFellows.com>
Date: Mon, 18 Oct 1999 19:03:13 +0300
From: Ari Huttunen <Ari.Huttunen@datafellows.com>
Organization: Data Fellows Oyj
X-Mailer: Mozilla 4.51 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Paul Koning <pkoning@xedia.com>
CC: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Subject: Re: PPP over IPSec (without L2TP)?
References: <00fe01bf16a0$f4ff1740$478939cc@internaut.com> <38070829.4F7AC3CA@DataFellows.com> <199910181522.LAA08630@tonga.xedia.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Paul Koning wrote: > >>>>> "Ari" == Ari Huttunen <Ari.Huttunen@datafellows.com> writes: > > Ari> ... > Ari> As to the re-ordering of packets by IPSec.. IPSec already does > Ari> sequence numbers. It shouldn't be too difficult to define a new > Ari> IPSec SA attribute negotiable by IKE that says "sequenced > Ari> delivery of packets required". The recieving IPSec > Ari> implementation would perhaps try to re-order packets during a > Ari> few milliseconds or whatever, and drop packets that come after > Ari> that. > > Yuck. > > Sure, it would be easy enough to add such an attribute, but adding the > actual mechanism is quite another matter. > > Sequence protection doesn't belong in IP. It hasn't been there for 30 > years, and it doesn't make sense to add it now. I very much doubt > that you could get agreement to add such a thing as a mandatory > capability (certainly I'd object loudly) or even as a recommended > capability. Where's the beef? Using the same argumentation we'd never have, for example, speech on top of IP, since "for more than 30 years we've had speech on a telephone line.. etc." Besides, IP is connectionless while IPSec in all its forms is connection-oriented. (Not counting HIP.) -- Ari Huttunen phone: +358 9 859 900 Senior Software Engineer fax : +358 9 8599 0452 Data Fellows Corporation http://www.DataFellows.com F-Secure products: Integrated Solutions for Enterprise Security
- PPP over IPSec (without L2TP)? Ari Huttunen
- RE: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Shriver, John
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[6]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[4]: PPP over IPSec (without L2TP)? Jim Tiller
- RE: Re[4]: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Bernard Aboba
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re: PPP over IPSec (without L2TP)? Paul Koning
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen