My thoughts on three timely IPsec issues...

[Craig Metz <cmetz@sundance.itd.nrl.navy.mil>]

	As I had mentioned on the IPsec developers' list, I had some
specific thoughts on some IP security issues that are currently being
discussed, but I wanted to wait until I had built some code before
making them known because I wanted to be sure that my ideas were
implementable. I have, it mostly works, there are no outstanding
questions as to whether something is doable or not, so I have prepared
my thoughts into three messages to form a long tirade. I am carbon-
copying this and these to the IPng list, because at some point, in order
to be IPng spec-compliant, all IPng implementations will have to do
security processing, so these issues need to be thought about by IPng
people.

	The first message I will send (part one) is some general
background discussion.

	The second message I will send (part two) is on IPv4 options
that we can't handle. IPng people may want to skip this one, but I
believe that some of the discussion is relevant.

	The third message I will send (part three) is a detailed
listing of my conclusions as to the variance/invariance/predictability
of every defined field in every IP (IPv4 and IPv6) network-level
header I could find a spec for.

	These messages are intended to prompt discussion. Please
direct this discussion to the <ipsec@ans.net> mailing list, NOT the
<IPng@sunroof.eng.sun.com> mailing list. Unfortunately, I will not
have very good network access for the next month, so I will not be
able to participate in this discussion as much as I would like to.

							-Craig

---

• Prev by Date: Re: What can applications running over ipsec assume?
• Next by Date: Part One: Background
• Prev by thread: Followup question
• Next by thread: Part One: Background
• Index(es):
  • Main
  • Thread