Re: rfc791 coming up to 40 years ... what to do (remember, celebrate, ...?)

On Mar 25, 2021, at 9:44 AM, Michael Thomas <mike@xxxxxxxx> wrote:

IMO, what IPsec got wrong was tunnel mode; it should have just been transport mode and IP-IP tunneling (RFC 3884 explains why).

From a separation of concerns, I would agree. It's really a shame that IPSec turned into a VPN tunneling solution. Didn't GRE and all of that exist back then?

GRE docs in the IETF go back to RFC1701 in Oct 1994, originating as drafts in Sep 1993.

IPsec docs in the IETF go back to RFC1825 in Apr 1995, originating as drafts in Feb 1995.

So strictly, IPsec seems to have followed GRE. But GRE isn’t a replacement for IPsec; it’s a shim tunnel layer that is more comparable to IP-IP tunneling, e.g., RFC2003 in Oct 1996, which dates back to July 1995 - but even that is just a variant of RFC1853 in Oct 1995 (whose draft origins are not available AFAICT).

So IP encapsulation predates IPsec; merging it inside IPsec is the problem; combining the two is fine.

Joe


