[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH & IPv4 options

To: smb@research.att.com
Subject: Re: AH & IPv4 options
From: hughes@hughes.network.com (James P. Hughes)
Date: Mon, 28 Aug 1995 12:12:48 -0600
Cc: atkinson@itd.nrl.navy.mil (Ran Atkinson), ipsec@ans.net


>What of routers that will add or delete IPSO
>options?  Bill claimed that that's broken, too -- but it certainly exists,
>and is probably necessary for single-level systems on, say, top secret
>nets.

As a vendor of routers that can be (and routinely are) profiled to add or
delete options such as CIPSO, DIN6 or others. Not being able to stamp
packets is an inconvenience, not the end of the world.

Our filter can be programed that if the protocol is IPSEC, then do not add
any labels. That is possible. Specific firewalling instructions for IPSEC
will be necessary regardless of the labeling issues...

This is not a problem for IP in IP, right? The inner packet is not touched
by labeling...



----------------------
James P Hughes <hughes@hughes.network.com>
Network Systems Corporation, A Subsidiary of StorageTek.
Voice (612)424-1676     FAX   (612)391-1821
Key fingerprint =  68 E7 D5 75 3C 88 86 71  D4 34 36 C3 8E DD 48 17

Prev by Date: Re: AH & IPv4 options
Next by Date: minor Photuris changes
Prev by thread: Re: AH & IPv4 options
Next by thread: minor Photuris changes
Index(es):
- Main
- Thread