[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: AH (without ESP) on a secure gateway

To: kent@bbn.com, ho@earth.hpc.org (Hilarie Orman)
Subject: Re[2]: AH (without ESP) on a secure gateway
From: "Whelan, Bill" <bwhelan@nei.com>
Date: Mon, 02 Dec 96 12:43:17 EST
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

     .
     .
     .
     
>But this potential conflict is not necessarily fatal, is it?  Assuming 
>cooperating firewalls, the conflict can exist and be irrelevant.  The 
>firewalls unwrap outer headers according to their notions of the SA 
>mappings, and the end hosts unwrap inner headers according to their 
>notions.  Conflicts are invisible as long as the firewalls are in 
>place.

Outer headers and inner headers?  Per RFC1826, the Authentication Header 
sits between the IP header and the upper layer protocol.  It appears the 
same whether it's inserted by the host system or the gateway.
     
     
>Hilarie

Bill

Follow-Ups:

Re: Re[2]: AH (without ESP) on a secure gateway

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

Prev by Date: IPSEC mtgs at IETF?
Next by Date: IPSEC Agenda
Prev by thread: Re: AH (without ESP) on a secure gateway
Next by thread: Re: Re[2]: AH (without ESP) on a secure gateway
Index(es):
- Main
- Thread