Re: Tunnel mode AH (Was: notes from... IETF meeting)
Charlie,
no such decision was made (that I am aware of) in Memphis. It would be
good to start thrashing that out here.
Dave
Charles Lynn wrote:
>
> David,
>
> > optional encryption
> > not optional in ESP
> > A tunnel mode must be added to the specs for AH
>
> Did the working group decide on a mechanism, e.g., a bit in the
> RESERVED field, to indicate a "tunnel mode" in which none of the
> headers preceding the AH are to be covered by the integrity
> mechanism?
>
> Such a mode is needed both for efficiency (hop-by-hop protection of
> every packet sent between two systems) and for extensibility (as new
> extension header versions, etc. are defined). This was provided by
> the "ESP with integrity but not confidentiality" combination.
>
> Charlie