[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

From: Robert Glenn <glenn@snad.ncsl.nist.gov>
Date: Thu, 5 Dec 1996 08:45:47 -0500 (EST)

HAA04604; Thu, 5 Dec 1996 07:54:14 -0500 (EST)
Date: Thu, 5 Dec 1996 07:54:14 -0500 (EST)
Message-Id: <199612051254.HAA04604@sloth.ncsl.nist.gov>
To: ipsec@tis.com
Subject: Re: Re[2]: AH (without ESP) on a secure gate
Sender: owner-ipsec@portal.ex.tis.com
Precedence: bulk


In article <199612041911.LAA02222@cornpuffs.cisco.com>, Ran Atkinson
<rja@cisco.com> writes:
>
>	I am aware that many implementers of AH have in fact implemented a
>"tunnel-mode AH" (which looks like this: [ip:r1->r2][ah][ip:h1->h2][ulp],
>where r1,r2 are security gateways and h1,h2 are end nodes).  I believe that
>the best approach is to simply add a definition of this tunnel-mode AH into
>the AH base specification.  This also has the virtue of having the least
>amount of negative impact on interoperability of existing AH implementations.
>
>

I couldn't agree more.  This would also help better align the ESP and AH specs.

Rob G.
-- 
rob.glenn@nist.gov

Prev by Date: AH (without ESP) on a secure gateway
Next by Date: discussing revised documents
Prev by thread: RE: SA, Proposal and Transform payloads
Next by thread: No Subject
Index(es):
- Main
- Thread