Re: [Mip6] WG Last call: draft-ietf-mip6-ikev2-ipsec-06.txt

Francis Dupont <Francis.Dupont@point6.net> Sun, 30 April 2006 12:19 UTC

Message-Id: <200604301218.k3UCIv0H023189@givry.rennes.enst-bretagne.fr>
From: Francis Dupont <Francis.Dupont@point6.net>
To: "Soliman, Hesham" <hsoliman@qualcomm.com>
Subject: Re: [Mip6] WG Last call: draft-ietf-mip6-ikev2-ipsec-06.txt
In-reply-to: Your message of Fri, 28 Apr 2006 14:07:09 PDT. <1487A357FD2ED544B8AD29E528FF9DF002555FD6@NAEX06.na.qualcomm.com>
Date: Sun, 30 Apr 2006 14:18:57 +0200
Cc: Gopal Dommety <gdommety@cisco.com>, mip6@ietf.org, jari.arkko@ericsson.com, Basavaraj Patil <basavaraj.patil@nokia.com>

 In your previous mail you wrote:

    > => I consider the HAO as a degenerate tunnel so you have double
    > tunneling (one tunnel for IPsec, one for MIPv6) when obviously only
    > one is needed.

   => Understood. I do think this is a matter of taste though, not
   architecture.

=> yes, it is a matter of taste about an architectural view of things...

    >    I think
    >    it's a more "correct" use of IPsec to not use tunnel mode
    >    between two end nodes.
    > 
    > => but is the right end the HA or the CN (:-)?

   => It's always the HA as far as IPsec is concerned. In some
   cases the messages are processed by the HA (BU, MPD), in others
   the HA is treated like a security GW (HoTI, payload). So as far as
   IPsec is concerned the end node is always the HA. The fact that
   the packet is then forwarded somewhere else is irrelevant to IPsec.

=> for IPsec the transport mode is strictly end-to-end so either
the real end node is the CN and tunnel mode is required, or the
tunnel between MN-HA and the forwarding to/from CN is part of the
"MIPv6 application" and my concern about double tunneling is more
important. BTW the term SG (security gateway) implies tunnel mode.
Regards

Francis.Dupont@point6.net

_______________________________________________
Mip6 mailing list
Mip6@ietf.org
https://www1.ietf.org/mailman/listinfo/mip6
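The two encapsulations argued over above (transport-mode ESP plus a Home Address option for BU/MPD, tunnel-mode ESP with an inner IPv6 header for HoTI and forwarded payload) can be modelled to make the "HAO as a degenerate tunnel" point concrete. The following is an added illustration, not code from the thread or from any MIPv6 implementation. It models only the header chain (not ESP trailers, ICVs or checksums); the addresses, the helper names (`bu_transport`, `hoti_tunnel`, `logical_endpoints`, `encapsulation_overhead`, `mode_matches_encapsulation`) and the header byte lengths are the example's own assumptions, the HAO destination-options length being derived from the 8n+6 alignment rule for that option.

```python
"""Added example: model the MN -> HA header chains from the Mip6 thread and
show that a Home Address option and a tunnel-mode inner IPv6 header carry
the same logical (home address, destination) pair. Not code from the thread."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

IPV6_HEADER_LEN = 40
# Destination Options header carrying only a Home Address option (assumption,
# derived from the option format: 2 bytes NH/HdrExtLen, 4 bytes PadN to reach
# the 8n+6 alignment, then 2 bytes type/len plus the 16-byte home address).
HAO_DSTOPTS_LEN = 24
TRANSPORT, TUNNEL = "transport", "tunnel"


@dataclass
class Hdr:
    name: str
    length: int
    fields: Dict[str, str] = field(default_factory=dict)


def ipv6(src: str, dst: str) -> Hdr:
    return Hdr("IPv6", IPV6_HEADER_LEN, {"src": src, "dst": dst})


def hao(home: str) -> Hdr:
    return Hdr("DstOpts(HAO)", HAO_DSTOPTS_LEN, {"home": home})


def esp(mode: str) -> Hdr:
    return Hdr("ESP", 8, {"mode": mode})  # SPI + sequence number only (assumption)


def mh(kind: str) -> Hdr:
    return Hdr("MH", 8, {"type": kind})  # minimal Mobility Header (assumption)


def bu_transport(coa: str, ha: str, hoa: str) -> List[Hdr]:
    """BU to the HA: outer IPv6(CoA->HA) | DstOpts(HAO=HoA) | ESP(transport) | MH(BU)."""
    return [ipv6(coa, ha), hao(hoa), esp(TRANSPORT), mh("BU")]


def hoti_tunnel(coa: str, ha: str, hoa: str, cn: str) -> List[Hdr]:
    """HoTI via the HA: outer IPv6(CoA->HA) | ESP(tunnel) | inner IPv6(HoA->CN) | MH(HoTI)."""
    return [ipv6(coa, ha), esp(TUNNEL), ipv6(hoa, cn), mh("HoTI")]


def logical_endpoints(chain: List[Hdr]) -> Tuple[str, str]:
    """Source/destination the MIPv6 layer sees once the 'tunnel' is undone,
    whether that tunnel is a real inner IPv6 header or only a HAO."""
    src, dst = chain[0].fields["src"], chain[0].fields["dst"]
    for h in chain[1:]:
        if h.name == "IPv6":            # tunnel mode: inner header wins
            return h.fields["src"], h.fields["dst"]
        if h.name == "DstOpts(HAO)":    # transport mode: HAO replaces the source
            src = h.fields["home"]
    return src, dst


def ipsec_mode(chain: List[Hdr]) -> str:
    return next(h.fields["mode"] for h in chain if h.name == "ESP")


def encapsulation_overhead(chain: List[Hdr]) -> int:
    """Bytes spent carrying the home address beyond the single outer IPv6 header."""
    return sum(h.length for h in chain if h.name in ("IPv6", "DstOpts(HAO)")) - IPV6_HEADER_LEN


def mode_matches_encapsulation(chain: List[Hdr]) -> bool:
    """Pairing used in the thread: HAO goes with transport mode, an inner IPv6
    header goes with tunnel mode, never both in one packet (assumed rule)."""
    has_hao = any(h.name == "DstOpts(HAO)" for h in chain)
    has_inner = sum(1 for h in chain if h.name == "IPv6") > 1
    mode = ipsec_mode(chain)
    return (has_hao and mode == TRANSPORT and not has_inner) or (
        has_inner and mode == TUNNEL and not has_hao)


if __name__ == "__main__":
    # Constructed addresses (documentation prefix), not from the thread.
    coa, ha, hoa, cn = "2001:db8:1::c0a", "2001:db8::ha", "2001:db8::1", "2001:db8:2::cn"
    for chain in (bu_transport(coa, ha, hoa), hoti_tunnel(coa, ha, hoa, cn)):
        print([h.name for h in chain], ipsec_mode(chain),
              logical_endpoints(chain), encapsulation_overhead(chain))
```

Both chains yield a home-address source once the encapsulation is stripped; the HAO does it in 24 bytes, the inner IPv6 header in 40, which is the sense in which the option is a smaller "tunnel" rather than something architecturally different.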