[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AH (without ESP) on a secure gateway
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
Stephen> is the focus of this debate. I maintained that it makes
Stephen> sense to use AH between a pair of firewalls ONLY if the
Stephen> header is applied to a tunneled SA. Once we agree on
Stephen> that, the rest ought to be easy. The disagreement has
I thought we *DID* agree to that over the summer.
... i just spent some time slurping through the IPsec archives. Ick
why aren't they at least in Mailbox or digest format? Argh.
Please see http://www.sandelman.ottawa.on.ca/ipsec/maillist.html
for a MHonArc version of Jan-Sept. Chairs, if you'd like the mbox
format it is there as ipsec.960?.mbox, or the perl script to produce
them from what is there, 'toDigest.pl' is also in that directory.
Unless requested, I won't be leaving the stuff there, it is large,
and I'm on a single 64k B-channel.
... well I give up. Even after looking through things in thread
mode, I couldn't find anything. Maybe it says this in the RFCs
somewhere.
I was sure that AH could not be used except as IP-AH-IP-AH was
said sometime ago. Maybe it was said in 1995?
:!mcr!: | Network security consulting and
Michael Richardson | contract programming
WWW: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQBVAwUBMqW5y9TTll4efmtZAQEKJwIAqzkujHGhuWruCNHffG4xGWDYOeR0eJS6
LqsIxyEuTuKeGsBA0TekP2Vo1ITowaywHl3noZJa9/IB6PMX+b135Q==
=8JIP
-----END PGP SIGNATURE-----
References: