[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Should CPE allow all IPsec through? Was: Re: CPEs
> However, this does seem to be an attractive option in the sense that
> it allows for a way to have peer-to-peer communication
> without giving
> up security. It would probably still need some selling to some
> security-conscious groups, but a good argument there would be that
> there is no reasonable way that an attacker could get
> anywhere without
> first negotiating a security association, but if we don't implement
> this, that simply means applications will use less secure
> peer-to-peer mechanisms.
Or that those less secure peer-to-peer applications will run
over UDP/500 and protocol 50.
-d