
a missing piece



The IPv6 security protocols are supposed to work host to host or
gateway to gateway.  But we haven't specified a protocol for hosts
to use to specify to their security gateways (by which I do not necessarily
mean firewalls) what security services are desired.  Similarly, we
need a protocol -- an IPv6 header, to be more precise -- by which
the security gateway can indicate (over a nominally-trusted wire) what security
services were in effect for received packets.  The former is rather
reminiscent of the IP security label option, though I won't call it
such for fear of reopening a can of worms; the latter has some tricky
aspects, such as stripping out bogus incoming security service headers
and dealing with IP within IP.

		--Steve Bellovin

