[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
From: james woodyatt <jhw@apple.com>
Date: Sat, 22 Aug 2009 22:33:37 -0700
In-reply-to: <390865C6-3343-4C31-9767-6E0FCA4481DD@suspicious.org>
References: <805241AA-DC9A-4498-9D54-8D491DD62A0D@apple.com> <2D21500B-207B-43FB-9728-8A7BCEC82CB1@apple.com> <7F9A6D26EB51614FBF9F81C0DA4CFEC80158E120B3E6@il-ex01.ad.checkpoint.com> <47CF65DB-E3E1-4666-B1E9-51A49B372AD5@apple.com> <390865C6-3343-4C31-9767-6E0FCA4481DD@suspicious.org>

On Aug 22, 2009, at 21:58, Truman Boyes wrote:

This is quite confusing from an implementation perspective; securityis not explicitly increased by prohibiting non-encrypted tunnels butallowing encrypted (ESP or AH) traffic flows. Wouldn't this simplyserve as a driver to make all tunnel encapsulations use ESP/AH?

Yes. I'm not sure I can explain how this is supposed to increasesecurity, but if consensus in the working group emerges around theserecommendations and the draft can proceed through working group lastcall, then that's good enough for me.



--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>

References:
- draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
  - From: james woodyatt <jhw@apple.com>
- Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
  - From: james woodyatt <jhw@apple.com>
- RE: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
  - From: Yaron Sheffer <yaronf@checkpoint.com>
- Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
  - From: james woodyatt <jhw@apple.com>
- Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
  - From: Truman Boyes <truman@suspicious.org>

Prev by Date: Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
Next by Date: Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
Previous by thread: Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
Next by thread: Re: draft-ietf-v6ops-cpe-simple-security: filtering encapsulated flows
Index(es):
- Date
- Thread