
Re: SKIP with AH/ESP/etc.



Ashar Aziz wrote:
> Hilarie has proposed that we separate SKIP key-mgmt info
> from transform specific information (e.g. IVs, MACs etc.)
> and place this in a separate SKIP header that precedes
> the AH/ESP headers. SKIP would need its own protocol number,
> and would contain a next header field which would indicate
> AH or ESP. There are actually other possibilities as well,
> which I will describe below.
> 
> Please let me know if people have strong opinions on this,
> either for or against.

IMHO this is a very valuable idea. The problem so far with SKIP was that it
did not fit into the 'security association' philosophy with which AH and
ESP are designed. With the proposed changes, SKIP would kind of establish 
its own security association on a per-packet basis, which could then be used 
by the rest of the packet. Very neat! At the same time the idea does not
introduce additional overhead or offline communication. 

I am looking forward to the new draft ;-)

Friendly greetings,

	Germano Caronni

