On 9/12/2014 11:02 AM, Paul Wouters wrote:
> On Fri, 12 Sep 2014, Yaron Sheffer wrote:
>
>> This is a call for adopting draft-mglt-ipsecme-mobikev2 as a WG
>> document. Please respond to this mail with a Yes or No and a short
>> rationale, at latest by Friday Sep. 19.
>
> This document confuses me.
>
> It seems sections 4 to 7 are about much more than just transport mode. It
> seems to (re?)introduce versioning, non-transport notify payloads, etc.
>
> MOBIKE is about keeping your assigned address with you, making your
> inner IP consistent regardless of the outer IP. That makes no sense
> with transport mode, which is tied to your ephemeral outer address.
>
> Transport mode IPsec is a terrible idea in today's NATed world. It should
> die, not see more use.

See RFC 3884. Just because you're getting rid of IPsec-controlled tunnels doesn't mean you have to give up tunnels, and using separate IP-in-IP tunneling has distinct advantages in today's dynamic routed, virtual networked world.

If you want to pick something to die, please kill IPsec tunnel mode as an integrated beast.

Joe
