Masataka == Masataka Ohta mo...@necom830.hpcl.titech.ac.jp writes:
Masataka My context is IPsec in the Internet, which excludes VPNs.
Masataka Do you know some major application over the Internet using
Masataka IPsec with transport mode?
Why the restriction of *over*?
Dozens of
Michael Richardson wrote:
Masataka == Masataka Ohta mo...@necom830.hpcl.titech.ac.jp writes:
Masataka My context is IPsec in the Internet, which excludes VPNs.
Masataka Do you know some major application over the Internet using
Masataka IPsec with transport mode?
Why
In your previous mail you wrote:
My context is IPsec in the Internet, which excludes VPNs.
= this is a bit unfair: VPNs are the natural model for IPsec use
(putting back a uniform I could talk about red and black :-).
Do you know some major application over the Internet using IPsec
Francis Dupont wrote:
In your previous mail you wrote:
My context is IPsec in the Internet, which excludes VPNs.
= this is a bit unfair: VPNs are the natural model for IPsec use
(putting back a uniform I could talk about red and black :-).
It's fair as we are talking about IPsec
Perhaps I should have said deployable ... Although it is deployed in some
places, and growing rapidly - I'd be surprised if your situation didn't
change over the next 12-15 months ...
/TJ
On Oct 30, 2010 11:28 PM, Michel Py mic...@arneill-py.sacramento.ca.us
wrote:
TJ [trej...@gmail.com]
If you mean widespread, point to point / peer to peer IPsec - yes, there is
a distinct lack of (free, easy, global) PKI out there.
There are steps in the right direction though, such as MS's Direct Access
...
/TJ
On Oct 31, 2010 12:02 AM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp
wrote:
TJ
On Oct 31, 2010, at 12:00 AM, Masataka Ohta wrote:
TJ wrote:
I would be quite curious to know your definition of failure, given that
IPsec is currently deployed, and working in more than a few deployments
...
Sorry for lack of clarification.
My context is IPsec in the Internet, which
Hadriel Kaplan wrote:
Do you know some major application over the Internet using IPsec
with transport mode?
Yes: SIP. SIP/UDP over IPsec in transport mode on the Internet
is not uncommon. Arguably more common than SIP over TLS,
anyway... though that's expected to change. (and of course
I would be quite curious to know your definition of failure, given that
IPsec is currently deployed, and working in more than a few deployments
...
On a possibly related note, IPv6 use deployed and working too ...
/TJ
On Oct 27, 2010 12:08 PM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp
TJ [trej...@gmail.com] wrote:
I would be quite curious to know your definition of failure, given
that
IPsec is currently deployed, and working in more than a few
deployments
On a possibly related note, IPv6 use deployed and working too ...
Failure means that, I leave in the capital city of
TJ wrote:
I would be quite curious to know your definition of failure, given that
IPsec is currently deployed, and working in more than a few deployments
...
Sorry for lack of clarification.
My context is IPsec in the Internet, which excludes VPNs.
Do you know some major application over the
I'm not a security guru, and will step aside instantly if someone with those
credentials says I'm wrong. However, from my perspective, the assertion that
IPv6 had any security properties that differed from IPv4 *at*all* has never
made any sense. It is essentially a marketing claim, and - well,
On Tue, Oct 26, 2010 at 10:39 PM, Fred Baker f...@cisco.com wrote:
snip
In the scope of things, why does having one of out of the many needed tools
make
IPv6 different than IPv4, especially given that the indicated tool is present
in both
IPv4 and IPv6 implementations?
Scratch-a-my-head. I
Roger Jørgensen wrote:
Sent: Tuesday, October 26, 2010 1:53 PM
To: Fred Baker; IETF Discussion
Subject: Re: [Full-disclosure] IPv6 security myths
On Tue, Oct 26, 2010 at 10:39 PM, Fred Baker f...@cisco.com wrote:
snip
In the scope of things, why does having one of out of the many needed
Hi, Tony,
I have a feeling the idea that IPv6 add something to security might
be linked back to the IPsec focus real early on in the IPv6 era,
like years and years ago. Why it happened or how, I don't really
know.
How it happened? --- Ever heard of NAT? At the time IPsec through
nat did
Hi, Fred,
I'm not a security guru, and will step aside instantly if someone
with those credentials says I'm wrong. However, from my perspective,
the assertion that IPv6 had any security properties that differed
from IPv4 *at*all* has never made any sense. It is essentially a
marketing claim,
On Oct 25, 2010, at 5:46 AM, Masataka Ohta wrote:
Sabahattin Gucukoglu wrote:
In the interest of fair and balanced discussion.
It is of course that, merely because IPv6 makes IPsec mandatory,
IPv6 can not be more secure than IPv4.
But, the real problem of IPsec is that it expected
Fred == Fred Baker f...@cisco.com writes:
Fred I'm not a security guru, and will step aside instantly if
Fred someone with those credentials says I'm wrong. However, from
Fred my perspective, the assertion that IPv6 had any security
Fred properties that differed from IPv4
On 10/26/2010 3:05 PM, Michael Richardson wrote:
The major *security* advantage of IPv6 is that it removes 90% of
complexity of IPv4 networks that results from layers of NAT, and then
series of port-forwards through them.
That's an operational hope, not a technical or operational fact.
It
On Oct 26, 2010, at 14:18, Fernando Gont wrote:
Sorry, but I don't follow. If the problem with widespread deployment of
IPsec was NAT traversal, why didn't we see widespread IPsec deployment
(for the general case) e.g. once RFC 3948 was published?
RFC 3498 really only made a variant of
Fernando == Fernando Gont ferna...@gont.com.ar writes:
How it happened? --- Ever heard of NAT? At the time IPsec
through nat did not widely exist, and even implementations that
figured out udp had the problem that the cert often included a
1918 address which didn't match the
On Tue, 26 Oct 2010, Michael Richardson wrote:
Partly. I also expect VPN use to get reduced, since 90% of VPNs are
really just remote-access systems necessary due to NAT, not security.
In my experience, VPNs are used for secure connections between two private
networks ... the existence of NAT
Michael,
The major *security* advantage of IPv6 is that it removes 90% of
complexity of IPv4 networks that results from layers of NAT, and then
series of port-forwards through them.
You seem to be assuming that there will not be middle-boxes with IPv6.
-- NAT64, for example, doesn't seem to
Michael Richardson wrote:
The major *security* advantage of IPv6 is that it removes 90% of
complexity of IPv4 networks that results from layers of NAT, and then
series of port-forwards through them.
See page 13 of the slide of Gont stating:
Ironically, NAT66 is one of the most
Fred == Fred Baker f...@cisco.com writes:
Fred By the way, I don't buy the assertion that the PKI has to be
Fred global; if it did have to be global, I suspect one would have
Fred come into existence.
Quite a number of ideas and protocols have suffered because of the lack
of such a
David == David Morris d...@xpasc.com writes:
Partly. I also expect VPN use to get reduced, since 90% of VPNs
are really just remote-access systems necessary due to NAT, not
security.
David In my experience, VPNs are used for secure connections between
David two private
Dave == Dave CROCKER d...@dcrocker.net writes:
The major *security* advantage of IPv6 is that it removes 90% of
complexity of IPv4 networks that results from layers of NAT, and
then series of port-forwards through them.
Dave That's an operational hope, not a technical or
Michael,
For instance, a reason to create a new network zone is because we
don't provide printers with decent access control lists (authorization),
instead, we make them wide open and then throw WPA on the wireless so
that it's secure, and then assume if you've authenticated, you are