[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
No Subject
HAA04604; Thu, 5 Dec 1996 07:54:14 -0500 (EST)
Date: Thu, 5 Dec 1996 07:54:14 -0500 (EST)
Message-Id: <199612051254.HAA04604@sloth.ncsl.nist.gov>
To: ipsec@tis.com
Subject: Re: Re[2]: AH (without ESP) on a secure gate
Sender: owner-ipsec@portal.ex.tis.com
Precedence: bulk
In article <199612041911.LAA02222@cornpuffs.cisco.com>, Ran Atkinson
<rja@cisco.com> writes:
>
> I am aware that many implementers of AH have in fact implemented a
>"tunnel-mode AH" (which looks like this: [ip:r1->r2][ah][ip:h1->h2][ulp],
>where r1,r2 are security gateways and h1,h2 are end nodes). I believe that
>the best approach is to simply add a definition of this tunnel-mode AH into
>the AH base specification. This also has the virtue of having the least
>amount of negative impact on interoperability of existing AH implementations.
>
>
I couldn't agree more. This would also help better align the ESP and AH specs.
Rob G.
--
rob.glenn@nist.gov