Re[4]: AH (without ESP) on a secure gateway

>Hmm.  Which "protocol tower" are we talking about, anyhow?

> IP[H1->H2],AH[R1->R2],...

>or

> IP[R1->R2],AH[R1->R2],IP[H1->H2],...

>(R1,R2 are routers, H1,H2 are hosts; the problem is only interesting
>if we assume H2 != R2).

Well, I'm not sure I understand the notation (AH defined in RFC 1826 
doesn't have source/destination addresses), but I was thinking of the 
former case.

OOPS, I just noticed there is an internet draft more recent than RFC 
1826.  I'll go over this to see if I need to take anything back(:-().

>The latter case has "outer headers" and "inner headers".

Unless I'm really confused, the latter case is not even provided for in the 
specifications...  Or are you saying that security gateways which provide AH 
MUST implement some type of IP (ESP or other) tunneling?  I don't see that 
required by the documents.

>I can see ways of making the former case "work" when H2 doesn't do
>AH, but if H2 does, you have to worry about SPI collisions between
>the ones assigned by H2 and the ones assigned by R2..

>     - Bill

Bill W.
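The following is an added illustration of the two "protocol towers" quoted above; it is example code written for this page, not code from either correspondent or from any IPsec implementation. It builds both layouts with the RFC 1826 AH field format (Next Header, Length, Reserved, SPI, Authentication Data) and shows where the SA selector, which RFC 1826 defines as (destination address, SPI), ends up in each case. Everything beyond that field layout is an assumption: the addresses, SPIs and key are invented, the receiver-side SA lookup is sketched rather than taken from any spec, and HMAC-SHA256 truncated to 16 bytes stands in for the RFC 1828 keyed-MD5 transform.

```python
"""Two AH "protocol towers" and where the (dst, SPI) selector lands.

Constructed example.  AH follows the RFC 1826 layout; the MAC is
HMAC-SHA256 truncated to 16 bytes as a stand-in for RFC 1828 keyed MD5.
Addresses, SPIs and the key are invented.
"""
import hashlib
import hmac
import ipaddress
import struct

PROTO_IPIP, PROTO_TCP, PROTO_AH = 4, 6, 51
AUTH_LEN = 16                          # auth data bytes = 4 32-bit words

H1, H2 = "10.0.1.5", "10.0.2.7"        # hosts behind the gateways (assumed)
R1, R2 = "192.0.2.1", "198.51.100.1"   # security gateways (assumed)
KEY_R1R2 = b"gateway-to-gateway-key"   # shared R1<->R2 key (assumed)


def ip_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left zero (layout only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def ah_header(next_hdr, spi, auth=b"\x00" * AUTH_LEN):
    """RFC 1826 AH: Next Header, Length (auth words), Reserved, SPI, auth."""
    return struct.pack("!BBHI", next_hdr, AUTH_LEN // 4, 0, spi) + auth


def ah_packet(src, dst, spi, key, next_hdr, inner):
    """IP[src->dst] + AH + inner.  The MAC covers the IP header with the
    mutable TTL zeroed, the AH with zeroed auth data, and the payload."""
    ah_zero = ah_header(next_hdr, spi)
    covered = ip_header(src, dst, PROTO_AH, len(ah_zero) + len(inner), ttl=0)
    auth = hmac.new(key, covered + ah_zero + inner, hashlib.sha256).digest()[:AUTH_LEN]
    return (ip_header(src, dst, PROTO_AH, len(ah_zero) + len(inner))
            + ah_header(next_hdr, spi, auth) + inner)


def former_tower(spi, payload):
    """IP[H1->H2], AH[R1->R2], ...: R1 inserts AH into H1's own packet."""
    return ah_packet(H1, H2, spi, KEY_R1R2, PROTO_TCP, payload)


def latter_tower(spi, payload):
    """IP[R1->R2], AH[R1->R2], IP[H1->H2], ...: R1 tunnels H1's packet."""
    inner = ip_header(H1, H2, PROTO_TCP, len(payload)) + payload
    return ah_packet(R1, R2, spi, KEY_R1R2, PROTO_IPIP, inner)


def sa_selector(pkt):
    """RFC 1826 identifies the SA by (destination address, SPI)."""
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    proto, dst = fields[6], fields[9]
    if proto != PROTO_AH:
        raise ValueError("not an AH packet")
    _, _, _, spi = struct.unpack("!BBHI", pkt[20:28])
    return str(ipaddress.IPv4Address(dst)), spi


def spi_collision(h2_spis, r2_spi, tower):
    """Does the gateway-chosen SPI fall into H2's own (dst, SPI) space?
    In the former tower the outer destination is H2, so an SPI chosen by
    R2 and one chosen by H2 are looked up under the same key."""
    dst, spi = sa_selector(tower(r2_spi, b"x"))
    return dst == H2 and spi in h2_spis


def verify(pkt, key):
    """Recompute the MAC as the receiver would (TTL and auth data zeroed)."""
    hdr, ah_fixed = pkt[:20], pkt[20:28]
    auth, inner = pkt[28:28 + AUTH_LEN], pkt[28 + AUTH_LEN:]
    covered = hdr[:8] + b"\x00" + hdr[9:] + ah_fixed + b"\x00" * AUTH_LEN + inner
    expect = hmac.new(key, covered, hashlib.sha256).digest()[:AUTH_LEN]
    return hmac.compare_digest(auth, expect)


if __name__ == "__main__":
    for name, tower in (("former", former_tower), ("latter", latter_tower)):
        print(name, sa_selector(tower(0x1000, b"payload")),
              "collides with H2's SPI 0x1000:", spi_collision({0x1000}, 0x1000, tower))
```

The point the code makes concrete: in the former tower the packet R2 has to authenticate arrives addressed to H2, so R2's SA selector shares a namespace with every SPI H2 hands out, while the latter (tunnel) tower puts R2's own address in the outer header and the selector in R2's own SPI space.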
