Re: PPP over IPSec (without L2TP)?
David Chen <dchen@indusriver.com> Wed, 20 October 1999 18:58 UTC
Date: Wed, 20 Oct 1999 13:12:33 -0400
To: Ari Huttunen <Ari.Huttunen@datafellows.com>
From: David Chen <dchen@indusriver.com>
Subject: Re: PPP over IPSec (without L2TP)?
Cc: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Mr. Huttunen,

You wrote with the following header and content (after the "===" mark):

The question I have is in your last sentence.
" If there are some, which is possible, wouldn't it be better to enhance IPSec protocol(s) to enable the same, instead of having L2TP?"

Does it sound like you want to "enhance IPSec protocol"?

Regards,
--- David

BTW. I cc to the same cc you did.

===========================================================
Date: Thu, 14 Oct 1999 12:02:37 +0300
From: Ari Huttunen <Ari.Huttunen@DataFellows.com>
Organization: Data Fellows Oyj
X-Mailer: Mozilla 4.51 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Subject: PPP over IPSec (without L2TP)?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-ipsra@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-Unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>

At 12:02 PM 10/14/99 +0300, you wrote:
>Microsoft's position regarding L2TP is according to
>http://www.microsoft.com/windows/server/Technical/networking/NWPriv.asp
>(partly) the following:
>
>L2TP is a well-defined, interoperable protocol that addresses the current
>shortcomings of IPSec-only client-to-gateway and gateway-to-gateway
>scenarios (user authentication, tunnel IP address assignment, and
>multiprotocol support). L2TP has broad vendor support, particularly among
>the largest network access equipment providers, and has verified
>interoperability. By placing L2TP as payload within an IPSec packet,
>communications benefit from the standards-based encryption and
>authenticity of IPSec, while also receiving a highly interoperable way to
>accomplish user authentication, tunnel address assignment, multiprotocol
>support, and multicast support using PPP. This combination is commonly
>referred to as L2TP/IPSec. Lacking a better pure IPSec standards
>solution, Microsoft believes that L2TP/IPSec provides the best standards
>based solution for multi-vendor, interoperable client-to-gateway VPN
>scenarios. Microsoft is working closely with key networking vendors
>including Cisco, 3Com, Lucent and IBM, to support this important
>combination.
>
>I agree that having PPP gives us the stated benefits (and more?). However,
>I fail to see why there is a need to have an L2TP (and UDP) layer(s)
>between PPP and IPSec. As I understand L2TP, it would give us two benefits
>a) being able to tunnel PPP over several links, which IPSec already gives
>us, and b) being able to specify telephone world things like calling /
>called numbers and call failures due to a busy tone, which in a general IP
>world are non-relevant.
>
>I agree that a lot of Internet connectivity is through a telephone
>network, but the calling numbers should not be relied on for any sort of
>identification, despite what the telephone world people would like to
>convince people to believe. The only valid usage for telephone numbers
>that I see is call charging, but the ISPs are free to use L2TP for that
>purpose without there being any need for IPSec security gateways or IPSec
>hosts knowing or even caring about it.
>
>So, please show me what benefits PPP over L2TP over IPSec provides when
>compared to just running PPP over IPSec? If there are some, which is
>possible, wouldn't it be better to enhance IPSec protocol(s) to enable the
>same, instead of having L2TP?
>
>--
>Ari Huttunen                   phone: +358 9 859 900
>Senior Software Engineer       fax  : +358 9 8599 0452
>
>Data Fellows Corporation       http://www.DataFellows.com
>
>F-Secure products: Integrated Solutions for Enterprise Security