Yoav Nir writes:
> > So you still didn't explain what GRE does better than modern IPsec
> > tunneling?
>
> I think GRE (or any tunnel that is not IPsec - like L2TP) allows
> them to avoid having to deal with RFC 4301 stuff like SPD. The only
> selector they need is for the GRE tunnel (protocol 43?) or the L2TP
> tunnel (UDP 1701).

I.e. bypass the security mechanisms provided by the security protocol.

> That means that your security policy is effectively determined by
> the routing protocol.

I.e. move the security from the security protocol to something else
which is not a security protocol. Is this really something we want to
do? Who is going to make sure the end result is secure?
-- 
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
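
The point debated above, as an added example that is not part of the original message: a simplified first-match SPD model showing that with a single GRE selector, a route update alone changes which inner flows get protected and forwarded. All names, addresses and policies are constructed assumptions; GRE is modelled with its IANA protocol number 47.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

GRE, TCP = 47, 6  # IANA IP protocol numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    inner: Optional["Packet"] = None  # original packet once GRE-wrapped

@dataclass(frozen=True)
class SpdEntry:
    src_net: str
    dst_net: str
    proto: Optional[int]  # None matches any protocol
    action: str           # "PROTECT", "BYPASS" or "DISCARD"

def spd_lookup(spd, pkt):
    """Ordered first-match lookup; traffic matching no entry is discarded."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for e in spd:
        if (src in ipaddress.ip_network(e.src_net)
                and dst in ipaddress.ip_network(e.dst_net)
                and e.proto in (None, pkt.proto)):
            return e.action
    return "DISCARD"

def gre_encap(pkt, tunnel_routes, local, peer):
    """Wrap the packet in GRE if any route points its destination at the tunnel."""
    dst = ipaddress.ip_address(pkt.dst)
    if any(dst in ipaddress.ip_network(r) for r in tunnel_routes):
        return Packet(local, peer, GRE, inner=pkt)
    return pkt

# Constructed policies: per-flow selectors vs. a single GRE selector.
SPD_SELECTORS = [SpdEntry("10.1.0.0/16", "10.2.0.0/16", TCP, "PROTECT")]
SPD_GRE_ONLY = [SpdEntry("192.0.2.1/32", "198.51.100.1/32", GRE, "PROTECT")]

def decide_with_selectors(pkt):
    return spd_lookup(SPD_SELECTORS, pkt)

def decide_with_gre(pkt, tunnel_routes):
    outer = gre_encap(pkt, tunnel_routes, "192.0.2.1", "198.51.100.1")
    return spd_lookup(SPD_GRE_ONLY, outer)

stray = Packet("172.16.9.9", "10.3.0.7", TCP)  # flow no policy author approved
```

With the GRE-only SPD, adding `10.3.0.0/16` to the tunnel routes flips the decision for `stray` from discard to protect without any SPD change, so auditing that deployment means auditing the routing table and its update sources as well.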
