Re: [secdir] secdir review of draft-ietf-ipsecme-ikev2-ipv6-config-02.txt

<Pasi.Eronen@nokia.com> Fri, 16 October 2009 12:04 UTC

From: Pasi.Eronen@nokia.com
To: dave.cridland@isode.com, secdir@ietf.org, iesg@ietf.org, julienl@qualcomm.com, cmadson@cisco.com
Date: Fri, 16 Oct 2009 14:04:05 +0200
Thread-Topic: [secdir] secdir review of draft-ietf-ipsecme-ikev2-ipv6-config-02.txt
Thread-Index: AcpOU50j6jqX5uXoQMiLJ+QPsDPXOgABILpw
Message-ID: <808FD6E27AD4884E94820BC333B2DB773C09A4479C@NOK-EUMSG-01.mgdnok.nokia.com>
References: <15898.1254832898.040887@puncture> <808FD6E27AD4884E94820BC333B2DB773C09A4472C@NOK-EUMSG-01.mgdnok.nokia.com> <3527.1255692381.824936@puncture>
In-Reply-To: <3527.1255692381.824936@puncture>
Subject: Re: [secdir] secdir review of draft-ietf-ipsecme-ikev2-ipv6-config-02.txt

Dave Cridland wrote:

> I was under the impression it potentially moved one of the ends in
> any communication away from the tunnel endpoint?
> 
> That is, if one is connecting into a secured, trusted network, using
> this secured VPN tunnel, that doesn't mean that any packets
> traversing a local network to get to that tunnel are secured. (For
> whatever meaning of secured you intend to put here).
> 
> To put it another way, under RFC 4306, the client VPN'ing into the
> network is always "attached to the IPSec tunnel", whereas this
> document extends things such that this may not be the case.

No, not really; a VPN client using plain RFC 4306 can also share its
IPv4 VPN connection to other hosts in the vicinity if it wants; it
just needs to do NATting, while here we avoid the NAT.

(And this is a relatively common case for IPv4 VPNs nowadays -- the
"other hosts" using the VPN connection are most likely VMs running
on the same physical hardware.)

Best regards,
Pasi
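The contrast Pasi draws, a plain RFC 4306 client NATting neighbouring hosts (such as local VMs) behind its single inner IPv4 address versus the NAT-free model, can be seen in a small simulation. The following is an added example written for this archive page; it is not code from the e-mail, from the draft, or from any IKEv2 implementation. It assumes, as a reading of the draft rather than something stated in the thread, that the NAT-free model assigns the client a whole IPv6 prefix which it then routes natively; the `Packet` type, the client classes, the addresses and the port range are all constructed for the example. What it shows is the point that matters to whoever runs the gateway: with NAT the gateway sees one address for every host behind the client, whereas with a routed prefix each host keeps its own address and the client has to enforce that only addresses inside the assigned prefix leave through the tunnel.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Minimal view of a packet (addresses and ports only); constructed for this example."""
    src: str
    dst: str
    sport: int
    dport: int


class NatSharingClient:
    """Plain RFC 4306 style sharing: the client holds a single inner IPv4
    address and NATs traffic from other local hosts (e.g. VMs) behind it."""

    def __init__(self, vpn_addr: str, local_net: str, first_port: int = 40000):
        self.vpn_addr = ipaddress.ip_address(vpn_addr)   # the one address assigned via IKEv2
        self.local_net = ipaddress.ip_network(local_net) # the hosts allowed to share the tunnel
        self._next_port = first_port
        self._out = {}  # (original src, original sport) -> translated sport
        self._in = {}   # translated sport -> (original src, original sport)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a local host's packet so it leaves the tunnel with the VPN address."""
        src = ipaddress.ip_address(pkt.src)
        if src == self.vpn_addr:
            return pkt  # the client's own traffic is untouched
        if src not in self.local_net:
            raise ValueError(f"{pkt.src} is not a local host; refusing to forward")
        key = (pkt.src, pkt.sport)
        if key not in self._out:
            self._out[key] = self._next_port
            self._in[self._next_port] = key
            self._next_port += 1
        return replace(pkt, src=str(self.vpn_addr), sport=self._out[key])

    def inbound(self, pkt: Packet) -> Packet:
        """Map a reply arriving from the tunnel back to the local host that sent the request."""
        if ipaddress.ip_address(pkt.dst) != self.vpn_addr:
            raise ValueError("reply is not addressed to the VPN address")
        try:
            orig_src, orig_sport = self._in[pkt.dport]
        except KeyError:
            raise ValueError("no NAT state for this reply; dropping") from None
        return replace(pkt, dst=orig_src, dport=orig_sport)


class PrefixSharingClient:
    """The NAT-free model (assumed reading of the draft): the client is assigned
    a whole IPv6 prefix through the tunnel and routes local hosts unchanged."""

    def __init__(self, prefix: str):
        self.prefix = ipaddress.ip_network(prefix)

    def outbound(self, pkt: Packet) -> Packet:
        """Forward only if the source address really belongs to the assigned prefix."""
        if ipaddress.ip_address(pkt.src) not in self.prefix:
            raise ValueError(f"{pkt.src} is outside {self.prefix}; refusing to forward")
        return pkt

    def inbound(self, pkt: Packet) -> Packet:
        """Accept only traffic destined to an address inside the assigned prefix."""
        if ipaddress.ip_address(pkt.dst) not in self.prefix:
            raise ValueError(f"{pkt.dst} is outside {self.prefix}; dropping")
        return pkt


def gateway_sees(client, packets) -> set:
    """Source addresses the VPN gateway would observe for a batch of local packets."""
    return {client.outbound(p).src for p in packets}


if __name__ == "__main__":
    # Constructed sample traffic: two local VMs talking to the same server.
    nat = NatSharingClient("10.0.0.5", "192.168.56.0/24")
    v4 = [Packet("192.168.56.10", "203.0.113.1", 5555, 443),
          Packet("192.168.56.11", "203.0.113.1", 5555, 443)]
    print("NAT sharing, gateway sees:", gateway_sees(nat, v4))

    pfx = PrefixSharingClient("2001:db8:1:2::/64")
    v6 = [Packet("2001:db8:1:2::10", "2001:db8:ffff::1", 5555, 443),
          Packet("2001:db8:1:2::11", "2001:db8:ffff::1", 5555, 443)]
    print("Prefix sharing, gateway sees:", gateway_sees(pfx, v6))
```

The NAT case is where Dave's concern about "which end is attached to the tunnel" becomes invisible to the gateway: every shared host collapses into the client's address and any per-address policy or audit record on the gateway side covers them all at once. With a routed prefix the gateway can tell the hosts apart, but the client's own prefix check in `PrefixSharingClient.outbound` is what keeps an arbitrary host on the local link from injecting traffic into the tunnel.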