Re: AH (without ESP) on a secure gateway

[Stephen Kent <kent@bbn.com>]

Mike,

	You mention early in your message the key issue, which is the focus
of this debate.  I maintained that it makes sense to use AH between a pair
of firewalls ONLY if the header is applied to a tunneled SA.  Once we agree
on that, the rest ought to be easy.  The disagreement has been on whether
it is appropriate to have two (or more) instances of AH without an
intervening IP header.  We have seen several messages now arguing why this
is not an appropriate header sequence, including your message to which I am
responding.  So, I don't disagree with the examples you cited.

Steve

---

Follow-Ups:

• Re: AH (without ESP) on a secure gateway
• From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:

• Re: AH (without ESP) on a secure gateway
• From: Stephen Kent <kent@bbn.com>
• Re: AH (without ESP) on a secure gateway
• From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

---

• Prev by Date: Re: Re[5]: AH (without ESP) on a secure gateway
• Next by Date: Re: AH (without ESP) on a secure gateway
• Prev by thread: Re: AH (without ESP) on a secure gateway
• Next by thread: Re: AH (without ESP) on a secure gateway
• Index(es):
  • Main
  • Thread