Re: IPSEC target and transport mode

[Bill Strahm <bill@strahm.net>]

I am very interested if some of the OS vendors out there can tell me what their
plans are.  I am hoping not to have to implement IPsec on OS driver stacks for
my product, in fact I would love to just use the implementations that exist on
various operating system platforms as they exist today.  

Is there anyone who can speak for what Solaris/Windows/Linux/AIX are planning
on doing in this space.

I know at one point NT was not fond of tunnel mode, but prefered to implement
L2TP over Transport Mode for tunneling... 

I am much more likely to interoperate with what the OS vendors push than with
anything in a spec...

Bill

On Thu, Apr 04, 2002 at 01:34:35PM -0800, Bill Studenmund wrote:
> On Wed, 3 Apr 2002 Black_David@emc.com wrote:
> 
> > > Let's take a vote on MUST/MUST as well.  Then,
> > > let's get on with last call.
> >
> > Indeed.  I started the discussion on this issue over a week ago,
> > so it is now time to close it and move on.  Based on that discussion
> > I believe the IPS WG rough consensus is "MUST implement" tunnel mode,
> > and "MAY implement" transport mode.  In looking over the discussion,
> > I see that:
> > 	- Bill Stundemund has withdrawn his objection
> 
> 		Well, I modified it from a, "this is quite evilly
> 		wrong," to "I don't like it but it won't totally
> 		break the protocol." :-)
> 
> > 	- Jason Thorpe has accepted a sentence involving a
> > 		"should" for use of transport mode when performance
> > 		(number of bytes transmitted) is a concern.
> > 	- I believe that sentence also resolves John Hufferd's
> > 		performance-based objection.
> > 	- That leaves Todd Sperry's objection
> > Hence I call this consensus for "MUST implement" tunnel mode and
> > "MAY implement" transport mode over Todd Sperry's objection.
> 
> Take care,
> 
> Bill
>