On 4/10/15 19:30 , Ronald Bonica wrote:
- Except for applying to IPv6, the fourth sentence says almost the same thing
as the third sentence. I'd suggest adding ", including IPv6" to the second
sentence, and remove the fourth sentence all together.
[RPB]
I don't agree. In the third sentence, the GRE ingress and GRE egress nodes
execute IPSec procedures. They encrypt and/or authenticate the GRE delivery
header. (That's all you can do when the payload is MPLS). In the fourth
sentence, the payload originator and payload destination execute IPSec
procedures. They encrypt and/or authenticate the payload packet. This is an
option when the payload is IPv6.
Ok, I missed that distinction the first time, I might not be the only
one that misses it. How can that distinction be highlighted a little
more? Maybe something like the following:
Alternatively when the payload is IPv6, these threats can also be
mitigated by authenticating and/or encrypting the payload using IPSec,
instead of the delivery packet.
--
================================================
David Farmer Email: [email protected]
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 1-612-626-0815
Minneapolis, MN 55414-3029 Cell: 1-612-812-9952
================================================
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
