Re: addresses and IKEv2
Francis Dupont <Francis.Dupont@enst-bretagne.fr> Fri, 17 May 2002 10:24 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4HAOAL14570; Fri, 17 May 2002 03:24:10 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id FAA10031 Fri, 17 May 2002 05:37:21 -0400 (EDT)
Message-Id: <200205170949.g4H9n3T93117@givry.rennes.enst-bretagne.fr>
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
To: Michael Thomas <mat@cisco.com>
cc: Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
Subject: Re: addresses and IKEv2
In-reply-to: Your message of Thu, 16 May 2002 15:47:22 PDT. <15588.14074.418189.801514@thomasm-u1.cisco.com>
Date: Fri, 17 May 2002 11:49:03 +0200
X-Virus-Scanned: by amavisd-milter (http://amavis.org/) at enst-bretagne.fr
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
In your previous mail you wrote: Bleah. Ignore my previous brain fart. As far as IPsec (2401) is concerned the *source* of the outer tunnel IP header is irrelevant, which is primarily what mobile/multihomed things want. => unfortunately many implementations still check the outer source because this is not explicitely forbidden. Revision of 2401 and interop tests should clarify this point (IKEv2/ESPv3 were a big step forward because they make clear that inbound SA selectors are traffic selectors). Thanks Francis.Dupont@enst-bretagne.fr
- addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Charlie_Kaufman
- Re: addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Michael Thomas
- Re: addresses and IKEv2 Michael Thomas
- Re: addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Lars Eggert
- Re: addresses and IKEv2 Charlie_Kaufman
- Re: addresses and IKEv2 Lars Eggert
- Re: addresses and IKEv2 Alex Alten
- Re: addresses and IKEv2 Stephen Kent
- RE: addresses and IKEv2 Penny Harper
- Re: addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Francis Dupont
- Re: addresses and IKEv2 Alex Alten
- Re: addresses and IKEv2 Alex Alten
- Re: addresses and IKEv2 Stephen Kent
- Re: addresses and IKEv2 Alex Alten
- Re: addresses and IKEv2 Ken Brown
- Re: addresses and IKEv2 Alex Alten
- Re: addresses and IKEv2 Stephen Kent
- Re: addresses and IKEv2 Alex Alten
- Re: addresses and IKEv2 Greg Carter
- RE: addresses and IKEv2 Eric Nielsen
- RE: addresses and IKEv2 Andrew Krywaniuk
- Re: addresses and IKEv2 Stephen Kent
- Re: addresses and IKEv2 Tero Kivinen
- Re: addresses and IKEv2 Alex Alten
- Re: addresses and IKEv2 Stephen Kent
- RE: addresses and IKEv2 Andrew Krywaniuk