
Re: AH (without ESP) on a secure gateway
Steven Bellovin writes:
> It's very clear to me that firewall-to-firewall IPSEC -- whether it's
> ESP or AH -- should be done *only* in tunnel mode.  To do otherwise
> is inviting trouble.  In fact, I had thought that was what was done --
> no other possibility had occurred to me.

Nor to me, for that matter, when the idea originated in the hallway at
Toronto a couple of years ago.

> There's a second issue that has come up here -- how does one know which
> the right firewall is?  This is one of the points I raised at the last
> IETF meeting; in my opinion, it's very closely related to the naming
> issue and the certificate issue, and we haven't really tackled either
> of those.

A notable void in our work to date...

Perry