
Re: ESP revisions straw poll



Matt,

	Proposing that ESP authentication be changed to operate the same
way as AH would represent a major change, at a time when I hear
implementors arguing strongly against making changes.  Let me refer you to
my very recent message that questions what security problems arise, in
tunnel and transport modes, if undetected modification of IP headers and
options takes place.  In performing the analysis, keep in mind what
fields/options/extensions are covered by AH (the answer is very few) and
what level of muxing can occur in each mode, relative to the IP address
info.

Steve



