Hi Tom,

On Sun, Sep 18, 2016 at 12:55 PM, Tom Henderson
<tomh...@u.washington.edu> wrote:
> Hi Kathleen, thank you for your comment.
> On 09/13/2016 12:22 PM, Kathleen Moriarty wrote:
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-hip-multihoming-11: No Objection
>> ----------------------------------------------------------------------
>> ----------------------------------------------------------------------
>> I'm wondering if split-tunneling should be listed as a security
>> consideration.  I see the following in section 4.1 that might be used to
>> help prevent split tunneling:
>>    In the outbound direction, as a result of SPD processing, when
>>    an outbound SA is selected, the correct IP destination address for
>>    the peer must also be assigned.
>> Then also the entirety of section 4.3.
>> I read this as split tunneling could be an issue in some circumstances
>> depending on policy and it might be good to mention this in the security
>> considerations section.  Or let me know if I am missing some background
>> that would prevent split tunneling so implementers don't need to be made
>> aware of this consideration.
> From my recollection, support (or prevention) of split tunneling was not a 
> consideration of these parts of the text.  The first sentence you quote from 
> 4.1 was intended as a hint to implementers that there is this additional 
> level of indirection with HIP that must be managed (mapping of SA to IP 
> address) when multihoming is in use.  Section 4.3 is mainly about how to 
> manage the possibly large number of valid SA configurations that could arise 
> from multihoming.
> My understanding of the common use of the term 'split tunneling' is that it 
> pertains to VPN tunnel situations where some set of connections should be 
> tunneled but others not.  In HIP, the security association is end-to-end and 
> the same VPN scenario is not applicable, so by split tunnel, do you mean that 
> some transport sessions between two hosts are within HIP/ESP protection and 
> others not?

Thanks for your response.  Yes, I was poking to see if there was a
possibility of leakage to an unintended destination when multi-homing
was in place, like what is possible with split tunneling.  It might
not be split tunneling exactly, but if leakage is possible, it would
be good to note that as a consideration.


> - Tom


Best regards,

Hipsec mailing list

Reply via email to