
Re: AH (without ESP) on a secure gateway



>   So, irrespective of the other points argued by contributors to this
>   debate, the fundamental problem here is the potential conflict between end
>   systems and intermediate system use of the same header and SPIs.

But this potential conflict is not necessarily fatal, is it?  Assuming
cooperating firewalls, the conflict can exist and be irrelevant.  The
firewalls unwrap outer headers according to their notions of the SA
mappings, and the end hosts unwrap inner headers according to their
notions.  Conflicts are invisible as long as the firewalls are in place.

BTW, does anyone run multiple firewalls and try to keep the databases
in synch?  

Hilarie

