
Re: Tunnel mode AH (Was: notes from... IETF meeting)



Charlie,

no such decision was made (that I am aware of) in Memphis.  It would be
good to start thrashing that out here.

Dave

Charles Lynn wrote:
> 
> David,
> 
> > optional encryption
> >         not optional in ESP
> >         A tunnel mode must be added to the specs for AH
> 
> Did the working group decide on a mechanism, e.g., a bit in the
> RESERVED field, to indicate a "tunnel mode" in which none of the
> headers preceding the AH are to be covered by the integrity
> mechanism?
> 
> Such a mode is needed both for efficiency (hop-by-hop protection of
> every packet sent between two systems) and for extensibility (as new
> extension header versions, etc. are defined).  This was provided by
> the "ESP with integrity but not confidentiality" combination.
> 
> Charlie