
Re: (IPng 4316) Question on Extension Header Order



Steve,

	The Architecture Document was submitted "approximately" on time,
e.g., no more than 5 minutes late.  Since we've seen a lot of documents
being posted long after the deadline, I suspect ours just fell through the
cracks.  Just to be sure, we copied it to the list, so the WG members have
had it for a couple of weeks, but the rest of the community has not.  I
apologize for the confusion.

	We'll fix the editing error in ESP.  Yes, when both encryption and
authentication are performed in ESP, the encryption is done first, then the
authentication.  This allows for parallelism at the receiver and also
allows for faster rejection of various sorts of denial of service attacks.
If AH and ESP are both employed in transport mode, AH is the outer header,
i.e., the first security protocol above IP, and ESP would follow AH.  Here
the rationale for the positioning is even stronger, since ESP is an
encapsulation protocol and thus AH inside of ESP does not work well.

Steve
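
The ordering described in the message above, as an added example that is not part of the original post or of the IPsec documents: the sender encrypts and then authenticates, so the receiver can check the integrity value and drop a forged packet before running the cipher at all. The SHA-256 counter-mode keystream is a stand-in cipher chosen so the sketch runs with the standard library only; the 12-byte truncated HMAC-SHA-256, the packet layout and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

ICV_LEN = 12  # assumed truncated HMAC length for this sketch

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), not a real ESP transform."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]

def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_seal(enc_key, auth_key, spi, seq, payload):
    """Sender: encrypt first, then authenticate SPI + sequence + IV + ciphertext."""
    iv = os.urandom(8)
    ct = xor_bytes(payload, keystream(enc_key, iv, len(payload)))
    body = struct.pack(">II", spi, seq) + iv + ct
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    def __init__(self, enc_key, auth_key):
        self.enc_key, self.auth_key = enc_key, auth_key
        self.decryptions = 0  # counts how often the cipher actually runs

    def esp_open(self, packet):
        """Check the ICV first; only authentic packets reach decryption."""
        if len(packet) < 16 + ICV_LEN:
            return None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None  # rejected cheaply, before any decryption work
        self.decryptions += 1
        iv, ct = body[8:16], body[16:]
        return xor_bytes(ct, keystream(self.enc_key, iv, len(ct)))

def demo():
    # Constructed keys, SPI, sequence number and payload for illustration only.
    rx = Receiver(b"E" * 16, b"A" * 16)
    pkt = esp_seal(b"E" * 16, b"A" * 16, 0x1001, 1, b"constructed payload")
    forged = pkt[:20] + bytes([pkt[20] ^ 1]) + pkt[21:]  # one ciphertext bit flipped
    return rx.esp_open(pkt), rx.esp_open(forged), rx.decryptions
```

`demo()` returns the recovered payload, `None` for the modified packet, and a decryption count of 1, showing that the forged packet never reached the cipher.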



