Hi Mark,
on 2007-02-20 00:07 Mark Townsley said the following:
> Narayanan, Vidya wrote:
...
>> I understand where you stand on the topic now and I would agree with
>> some of it and disagree with some other parts of it. Mainly,
>> irrespective of whether a transport protocol or extension headers or
>> mobility options are used to carry this information, I do not think we
>> should be aiming at a single solution for host-to-router and
>> router-to-router exchanges of filter rules, as I do believe the
>>
> And router to host? I'm afraid that it is fairly common for IPsec VPN
> clients to have filtering policy thrust upon them from the tunnel
> concentrator (e.g., whether split tunneling and such is permitted or not).
Ah! That's one possible application of this I hadn't thought of, but
once mentioned it's (to me, at least!) a very interesting example of
how a standard filter description language could be useful.
Henrik
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
