Re: [IPsec] IPTFS and transport mode.

2020-05-03 Thread Paul Wouters
On Sun, 3 May 2020, Christian Hopps wrote: An open issue we have for IPTFS is the use of transport mode. During the last face-to-face IETF meeting transport mode was mentioned, and my response had been that transport mode was less secure than non-TFS tunnel mode as the IP header was leaking

Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft

2020-05-03 Thread Benjamin Kaduk
On Wed, Apr 29, 2020 at 10:54:26PM +0300, Yoav Nir wrote: > [With chair hat on] > > Yes, the charter says that we are to make a guidance document. If the working > group feels that it’s better to put the specification and guidance in a > single document, we can work on that and clear it with

Re: [IPsec] IPTFS and transport mode.

2020-05-03 Thread Christian Hopps
> On May 3, 2020, at 1:08 PM, Michael Richardson wrote: > > > Christian Hopps wrote: >> non-TFS tunnel mode as the IP header was leaking user information so it >> hadn't been a consideration for us; however, it was later pointed out >> (by Paul W. I believe), that transport mode is

Re: [IPsec] IPTFS and transport mode.

2020-05-03 Thread Michael Richardson
Christian Hopps wrote: > non-TFS tunnel mode as the IP header was leaking user information so it > hadn't been a consideration for us; however, it was later pointed out > (by Paul W. I believe), that transport mode is (unfortunately?) > commonly used with GRE tunnels in lieu of

[IPsec] IPTFS and transport mode.

2020-05-03 Thread Christian Hopps
Hi ipsecme, An open issue we have for IPTFS is the use of transport mode. During the last face-to-face IETF meeting transport mode was mentioned, and my response had been that transport mode was less secure than non-TFS tunnel mode as the IP header was leaking user information so it hadn't