[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Steve Deering: state of IPsec specs]

To: kent@bbn.com, kseo@bbn.com
Subject: [Steve Deering: state of IPsec specs]
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Thu, 3 Jul 1997 19:02:52 -0400
Address: 1 Amherst St., Cambridge, MA 02139
Cc: ipsec@tis.com
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com


	I've received the following request from the chairs of the IPng
working group.  According to Ran Atkinson, who filled me in on some of
the details, this had been discussed at the San Jose ipsec meeting in
December, and there was general consensus to make this change.  The IPng
wg was apparently a little miffed that the discussion was happening in
the ipsec wg instead of the ipng wg, but that jurisdictional tiff aside,
there seems to be general consensus that this is a good thing to do.

	Apparently the ipng wg is thinking about allowing routers to
make use of the 28 bits of the priority + flow label fields for some
kind of fast tag switching or line switching applications, and so it
would be useful if routers were allowed to change these fields while the
packet is in flight.

	If someone needs a more thorough explanation, I suggest they
contact someone in the ipng wg, since apparently these discussions are
not yet completely reflected in the ipng documents, and I have not been
actively tracking the ipng wg.

							- Ted

------- Forwarded Message

X-Sender: deering@cheerios.cisco.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 3 Jul 1997 11:33:31 -0700
To: Robert Moskowitz <rgm3@chrysler.com>, "Ted T'so" <tytso@MIT.EDU>
From: Steve Deering <deering@cisco.com>
Subject: state of IPsec specs
Cc: hinden@ipsilon.com

Bob and Ted,

>From the chairs of IPng WG to the new chairs of IPsec WG:

....

	- The IPng WG decided in Memphis that we wish to exclude the
	  first 32 bits of the IPv6 header (consisting of the Version,
	  Priority, and Flow Label fields) from the authentication
	  computation performed for the AH, so that they may be modified
	  en route without breaking end-to-end authentication.  This is a
	  change from RFC 1826.  We have heard conflicting reports about
	  IPsec WG developments in this area, some saying that IPsec had
	  already made on such a change (without consulting the IPng WG!),
	  and others saying that no decision had been made yet.  Could
	  you please ensure that the desired change is made, or let us
	  know why not?

....

Bob and Steve



------- End Forwarded Message

Prev by Date: RE: ISAKMP SA negotiation
Next by Date: Re: [Steve Deering: state of IPsec specs]
Prev by thread: I-D ACTION:draft-ietf-ipsec-ciph-rc5-cbc-00.txt
Next by thread: Re: [Steve Deering: state of IPsec specs]
Index(es):
- Main
- Thread