Re: PPP over IPSec (without L2TP)?

"Scott G. Kelly" <skelly@redcreek.com> Thu, 14 October 1999 17:52 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id KAA24418; Thu, 14 Oct 1999 10:52:13 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id MAA29495 Thu, 14 Oct 1999 12:08:26 -0400 (EDT)
Message-ID: <38060149.F2DCC128@redcreek.com>
Date: Thu, 14 Oct 1999 09:14:01 -0700
From: "Scott G. Kelly" <skelly@redcreek.com>
Organization: RedCreek Communications
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Ari Huttunen <Ari.Huttunen@datafellows.com>
CC: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Subject: Re: PPP over IPSec (without L2TP)?
References: <38059C2D.F56BA62A@DataFellows.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

Ari Huttunen wrote:

<substantially trimmed...>
> I agree that having PPP gives us the stated benefits (and more?). However, I fail to see why there
> is a need to have an L2TP (and UDP) layer(s) between PPP and IPSec. 

<more trimmed...>

> So, please show me what benefits PPP over L2TP over IPSec provides when compared
> to just running PPP over IPSec? If there are some, which is possible, wouldn't it be
> better to enhance IPSec protocol(s) to enable the same, instead of having L2TP?
 
I think that one strong argument for not running ppp directly over ipsec
is that ppp is a layer 2 construct, and ipsec is designed to secure
traffic at layer 3. Aside from the architectural repugnance, there are
significant difficulties presented by encapsulation of PPP (and L2TP,
for that matter) in IPsec. Many of these arise due to the fact that in
order to apply policy to these packets, you must first understand what
is in them, and all the security implications of the various content
possibilities. Once you thoroughly understand the PPP (or L2TP) protocol
in this light, then you can begin to design a security protocol which
secures them. I think the bottom line is, that protocol would *not* be
ipsec - it would be something else.

This dances around a bigger problem which keeps recurring in different
guises on this list: vpn and ipsec are not synonymous. I think that
running L2TP over ipsec is essentially a hack which leverages ipsec for
a vpn scenario. However, ipsec was not designed to provide security for
the L2TP payload, so that if there is not an L2TP security subsystem
which controls the encapsulation, then the payload is not truly secured
- it is simply being tunneled, albeit reliably.

Scott