
Tunnel mode AH (Was: notes from developer's portion of IETF meeting)



David,

> optional encryption
>         not optional in ESP
>         A tunnel mode must be added to the specs for AH

Did the working group decide on a mechanism, e.g., a bit in the
RESERVED field, to indicate a "tunnel mode" in which none of the
headers preceding the AH are to be covered by the integrity
mechanism?

Such a mode is needed both for efficiency (hop-by-hop protection of
every packet sent between two systems) and for extensibility (as new
extension header versions, etc. are defined).  This was provided by
the "ESP with integrity but not confidentiality" combination.

Charlie

