On Mon, 23 May 2016, Hu, Jun (Nokia - US) wrote:
> To get past middleware boxes that tend to not touch "real" TLS traffic but
> mangle anything else.
>
> [HJ] So there is a middle box that will only allow TLS traffic (and drop all
> plain TCP traffic)? That sounds pretty extreme, but even in such a case, nothing
> prevents such a middle box from having a new rule to drop TLS-encapsulated IPsec
> traffic if TLS-level encryption is not used.

Correct. There will always be that battle of deep packet inspection and
proxies versus people who want to be protected from them.

Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec