Re: eliminate AH
At 04:24 AM 5/22/97 GMT, William Allen Simpson wrote:
>I don't want 2 different ways to authenticate. It's too complicated.
I'd rather not have two methods as well.
>We only need one way, for all the reasons given by Steve in his earlier
>message. If we have it in ESP, and cannot agree on when to use it and
>when not, then let's discard AH. Simplify.
Or simply define AH as encryptionless ESP. (e.g. the processing rules
are identical for both except that if you are using null-encryption
the protocol field is AH else it's ESP). This does, however, mean that
IPv6 routing headers and hop-by-hop options can not be authenticated.
(the destination node options can be covered by placing them after the
AH/ESP; this technique should work for the Mobile IPv6 routing header
as well since it's transmitted in "final form" by the mobile host).
--
Matt Thomas                    Internet:   matt.thomas@altavista-software.com
Internet Locksmith             WWW URL:    <coming eventually>
AltaVista Internet Software    Disclaimer: This message reflects my own
Littleton, MA                              warped views, etc.
References:
- eliminate AH
- From: "William Allen Simpson" <wsimpson@greendragon.com>