[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH & IPv4 options

To: atkinson@itd.nrl.navy.mil (Ran Atkinson)
Subject: Re: AH & IPv4 options
From: smb@research.att.com
Date: Mon, 28 Aug 95 11:54:15 EDT
Cc: ipsec@ans.net

	 
	 Routers that arbitrarily reorder IP options are broken.  

	 Bill Simpson "educated" me about this issue offline.  To the best of
	 my knowledge (including my understanding of Bill's inputs) those
	 routers never included high-volume vendors (e.g. Cisco, Wellfleet/Bay,
	 3COM) and the software releases that did reorder options are ancient
	 by now.  To the best of my understanding, all such routers were
	 derived in part on a single original TCP/IP stack.  That original
	 stack has not reordered options for a long while now. I don't think we
	 can or should make any effort to protect AH from such routers. I don't
	 think we should change specs just to make older broken systems
	 conforming.

What of routers -- specifically Cisco -- that will add or delete IPSO
options?  Bill claimed that that's broken, too -- but it certainly exists,
and is probably necessary for single-level systems on, say, top secret
nets.

Follow-Ups:

Re: AH & IPv4 options

From: Steve Kent <kent@BBN.COM>

Prev by Date: AH & IPv4 options
Next by Date: Re: AH & IPv4 options
Prev by thread: AH & IPv4 options
Next by thread: Re: AH & IPv4 options
Index(es):
- Main
- Thread