
Re: [RAM] ETRs checking src & dest addresses



On 12-jul-2007, at 13:51, Robin Whittle wrote:

> In the current definition of Ivip, the SA of the outer packet is
> the same as of the inner packet - it is the address of the
> original sending host, not of the ITR.  Maybe there is a reason
> for using the ITR's address for the outer SA, but for now I will
> assume not.

What do security associations have to do with any of this?

Oh wait, you mean source address. I don't think it's a good idea to have node Y send packets where the source address is X, both because this claims that the sender is different from his/her actual identity and because return traffic, such as ICMP messages, will then end up at (arguably) the wrong node.

Knowing the address of the encapsulating TR is also useful if the decapsulating TR ever wants to get in touch with it.

[not replying to the rest of the message because I didn't have time to read it]

_______________________________________________
RAM mailing list
RAM at iab.org
https://www1.ietf.org/mailman/listinfo/ram