[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Should CPE allow all IPsec through? Was: Re: CPEs



> However, this does seem to be an attractive option in the sense that  
> it allows for a way to have peer-to-peer communication 
> without giving  
> up security. It would probably still need some selling to some  
> security-conscious groups, but a good argument there would be that  
> there is no reasonable way that an attacker could get 
> anywhere without  
> first negotiating a security association, but if we don't implement  
> this, that simply means applications will use less secure 
> peer-to-peer mechanisms.

Or that those less secure peer-to-peer applications will run
over UDP/500 and protocol 50.

-d