On Jun 6, 2010, at 11:51 33AM, der Mouse wrote:

>>>>> IPKDB used [...]. [...] easy to support a single IPsec ESP [...]
>>>> [...]
>>> [...]
>> I must say, though, that the more I think about it, the more I'm
>> concerned about replay attacks. You suggested that ESP replay
>> prevention be disabled, and that is in fact consistent with the ESP
>> specs when static keys are used. I think we need to think, hard,
>> about what we want to do here.
>
> You are beginning to see, maybe, why I prefer something _not_ built
> atop IP. It's a lot easier to ignore this kind of threat when you
> don't have to even think about anything beyond the local layer-2
> broadcast domain. While of course nothing is perfect, I think the
> number of cases where you want the routability of IP but have nothing
> on the local broadcast domain that can proxy is small enough that the
> cost of writing them off outweighs the cost of dealing with the issues
> that using IP raises.
Oh, your reasoning was obvious from the very beginning, but the disadvantages are obvious, too. Proxies raise their own set of issues.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
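The replay concern in the quoted exchange comes down to the ESP anti-replay window and why it cannot be used with a static (manually keyed) SA. The following is an added example, written for this page and not code from the thread, from IPKDB, or from any IPsec implementation. It implements the receiver-side sliding window from RFC 4303 section 3.4.3 with the default 64-packet window, then runs two constructed scenarios: an attacker replaying a captured ESP packet, and a sender that reboots while keeping the same static key, so its sequence counter restarts at 1 while the receiver's window has moved on. The sequence numbers and packet counts are made up for illustration.

```python
"""ESP anti-replay sliding window (RFC 4303 s.3.4.3) and the static-key problem.

Added example: not from the mailing-list thread, IPKDB, or any IPsec stack.
Window size 64 follows the RFC's default; the scenarios below are constructed.
"""


class AntiReplayWindow:
    """Receiver-side replay check over 32-bit ESP sequence numbers."""

    def __init__(self, size=64, enabled=True):
        self.size = size
        self.enabled = enabled
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq):
        """Return True if a packet carrying `seq` should be accepted.

        With anti-replay disabled (the static-key case discussed in the
        thread) every sequence number is accepted, including duplicates.
        """
        if not self.enabled:
            return True
        if seq == 0:
            return False                      # first valid ESP seq is 1
        if seq > self.top:                    # newer than anything seen: slide
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1               # whole window moved past old state
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                      # older than the window: drop
        if self.bitmap & (1 << diff):
            return False                      # already seen: replay, drop
        self.bitmap |= 1 << diff              # late but genuine: accept once
        return True


def replay_captured_packet(enabled):
    """Sender emits seq 1..10; an on-path attacker replays seq 5.

    Returns whether the replayed packet was accepted by the receiver.
    """
    rx = AntiReplayWindow(enabled=enabled)
    for seq in range(1, 11):
        assert rx.check_and_update(seq)
    return rx.check_and_update(5)


def late_packet_accepted_once(enabled):
    """Seq 7 is delayed behind 8..10, then delivered twice.

    Returns (first delivery accepted, second delivery accepted).
    """
    rx = AntiReplayWindow(enabled=enabled)
    for seq in (1, 2, 3, 4, 5, 6, 8, 9, 10):
        rx.check_and_update(seq)
    return rx.check_and_update(7), rx.check_and_update(7)


def static_key_after_reboot(enabled):
    """Sender sends 1..200, reboots keeping the same static key, sends 1..3.

    With a manually keyed SA there is no rekey to reset the receiver's
    window, so the restarted counter falls outside it.  Returns how many
    post-reboot packets the receiver accepts.
    """
    rx = AntiReplayWindow(enabled=enabled)
    for seq in range(1, 201):
        rx.check_and_update(seq)
    return sum(rx.check_and_update(seq) for seq in (1, 2, 3))


if __name__ == "__main__":
    for enabled in (True, False):
        print(f"anti-replay enabled={enabled}:",
              "replay accepted" if replay_captured_packet(enabled) else "replay dropped",
              "| late pkt:", late_packet_accepted_once(enabled),
              "| accepted after static-key reboot:", static_key_after_reboot(enabled))
```

With the window enabled the replayed packet is dropped and the late packet is accepted exactly once, but the rebooted static-key sender is cut off entirely (0 of 3 accepted); with it disabled, as the thread notes the ESP specs permit for static keys, the rebooted sender works again and so does the attacker's replay. That trade-off is the whole of the concern raised in the quoted message.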