[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ICMP Security Failures
I wrote:
>(There's some haze here, but we really only want an AH to be able to cover an
>IP header that actually exists on the wire, not some possible fabrication of
>a stack)
Well, maybe that isn't so. Consider: IP-ESP-[IP-AH]. The encrypted
[IP-AH] doesn't actually exist on the wire, but is a predictable intermediate
result in the network stack's processing and is something that we really might
want an AH to be able to cover.
-Craig