On Fri, 2004-06-18 at 09:43, Pekka Savola wrote: > On Fri, 18 Jun 2004, Jeroen Massar wrote: > > IMHO it is a bit 'late' to start securing proto-41. It has been in use > > already for too long and by too many people. > > Just to be clear, this document doesn't intend to say, "OK, let's use > IPsec for proto-41, and forget the unsecured version". It's just > trying to describe the scenarios and IPsec mechanisms which *could* be > used for securing. :) Ack. > > Thus this memo does have a good value for people who want to secure it > > afterall, but I don't think that it will actually happen a lot due to > > the above three items. > > I would be (pleasantly) surprised if it happened to a very large > degree, but you never know. :) > > In any case, this kind of document (or IPsec description in general) > was required by the IESG for going forward with > draft-ietf-v6ops-mech-v2. I understand that point as the proto-41 stuff and actually any tunneling protocol that doesn't authenticate the sender allows more spoofing to happen and that makes packets untraceable and able to bypass ingress filters etc. which simply is not something that should be condoned. Greets, Jeroen
Attachment:
signature.asc
Description: This is a digitally signed message part