Re: (IPng) More Endpoint Attributes

[Theodore Ts'o <tytso@MIT.EDU>]

   Date: Thu, 16 Mar 1995 08:10:42 -0500
   From: throop@dg-rtp.dg.com (Dean D. Throop)

   Probably a better idea would be add some additional fields that can be
   modulated as attributes modulate.  Adding an optional sequence of
   type-value pairs after the AH header would give something to modulate
   while holding the SAID constant.  

... and indeed I believe that's the way the architecture was designed to
deal with this.  You basically use the IP Security Option for IPv4, and
I believe that IPv6 was going to a similar option similar to IPSO to
handle this.

In any case, it certainly seems clear, as we have both observed, that
trying to encode this information in the SAID is the wrong place to do
this.  (I believe the right place is in the IPv4 or IPv6 options field,
ala IPSO.)  In any case, this palces this functionality out of scope of
IPSEC.

						- Ted

---

Follow-Ups:

• Re: (IPng) More Endpoint Attributes
• From: Andy Bayerl <bayerl@zk3.dec.com>
• Re: (IPng) More Endpoint Attributes
• From: Andy Bayerl <bayerl@zk3.dec.com>

References:

• Re: (IPng) More Endpoint Attributes
• From: throop@dg-rtp.dg.com (Dean D. Throop)

---

• Prev by Date: Re: (IPng) Re: Proposed message on perfect forward security
• Next by Date: Re: (IPng) More Endpoint Attributes
• Next by thread: Re: (IPng) Proposed Standard or no?
• Index(es):
  • Main
  • Thread