Re: AH in tunnel mode
On Tue, 20 Aug 1996, Naganand Doraswamy wrote:
> I would like to know what people think about AH in tunnel mode. Ran
> suggested that I post this to the list to evoke some discussion and then add
> the following text either in the AH spec or write an informational document
> on using IPSec to build VPNs.
>
I believe tunnel mode in AH should be supported for the same reasons it is
supported in ESP. However, the existing drafts/RFCs should be made clear in
this area. Specifically, the following should be removed from
the architecture draft:

    "While the Authentication Header might be implemented by a
    security gateway on behalf of hosts on a trusted network behind
    that security gateway, this mode of operation is not encouraged."

Tunnel mode in ESP is explicitly discussed in the drafts while the
AH documents seem to focus on "upper protocols". I vote for changing this.

Dan
Dan Frommer | Voice: +972-3-645-5396 | Email: dan@radguard.com
RADGUARD, Ltd. | Fax: +972-3-648-0859 |