Re: ICMP Security Failures



I wrote:
>(There's some haze here, but we really only want an AH to be able to cover an
>IP header that actually exists on the wire, not some possible fabrication of
>a stack)

	Well, maybe that isn't so. Consider: IP-ESP-[IP-AH]. The encrypted
[IP-AH] doesn't actually exist on the wire, but is a predictable intermediate
result in the network stack's processing and is something that we really might
want an AH to be able to cover.

									-Craig