
Re: doi-07/interoperability questions



At 02:20 PM 3/10/98 -0500, Ben Rogers wrote:
>
>Yes.  In fact, I was thinking specifically about gateway to gateway
>configurations using both AH and ESP.

In that case...

>> >as to whether I should support mixed proposals.  My opinion is that it
>> >makes sense to support AH (transport) and ESP (tunnel) with the
>> >following encapsulation:
>> >
>> >[IP2][AH][ESP][IP1][upper]
>> >
>> >and to not support AH (tunnel) and ESP (transport).  Does anyone else

This feels right to me.  What you are saying is that the gateways are
maintaining a secure tunnel, which is separately authenticated. (I think
:).  So you want the tunneled IP datagram in one piece.  The AH (transport)
and ESP (tunnel) delivers this.  The AH (tunnel) and ESP (transport) breaks
the IP datagram.


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com
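
Added example, not part of the original message: a Python sketch that builds the two header orderings discussed above and shows what a receiving gateway can read in the clear from each. The addresses, SPIs, zeroed ICV and checksum, the unencrypted ESP body, and the [IP2][AH][IP1][ESP][upper] layout assumed for AH (tunnel) with ESP (transport) are all constructed for illustration; the AH field layout follows RFC 2402.

```python
import struct

IPPROTO_IPIP, IPPROTO_ESP, IPPROTO_AH = 4, 50, 51

def ipv4(proto, src, dst, payload):
    # Minimal 20-byte IPv4 header; checksum left at 0 in this constructed sample
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def ah(next_hdr, spi, seq, payload):
    # Payload Len counts 32-bit words minus 2: (12 fixed + 12 ICV) / 4 - 2 = 4
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + bytes(12) + payload

def esp(spi, seq, body):
    # body stands in for ciphertext; a real ESP payload is opaque to the parser
    return struct.pack("!II", spi, seq) + body

def header_chain(pkt):
    """Walk the cleartext headers of an IPv4 packet, stopping at ESP."""
    chain, proto, off = ["IP"], pkt[9], (pkt[0] & 0x0F) * 4
    while off + 8 <= len(pkt):
        if proto == IPPROTO_AH:
            chain.append("AH")
            proto, off = pkt[off], off + (pkt[off + 1] + 2) * 4
        elif proto == IPPROTO_IPIP and off + 20 <= len(pkt):
            chain.append("IP")
            proto, off = pkt[off + 9], off + (pkt[off] & 0x0F) * 4
        else:
            chain.append("ESP" if proto == IPPROTO_ESP else f"proto {proto}")
            return chain
    raise ValueError("truncated packet")

def ah_mode(pkt):
    # AH followed directly by another IP header is tunnel mode, otherwise transport
    chain = header_chain(pkt)
    return "tunnel" if chain[chain.index("AH") + 1] == "IP" else "transport"

# Constructed sample addresses (documentation and private ranges)
G1, G2, H1, H2 = (192, 0, 2, 1), (192, 0, 2, 2), (10, 1, 0, 5), (10, 2, 0, 9)
IP1_UPPER = ipv4(6, H1, H2, b"upper")

# [IP2][AH][ESP][IP1][upper]: AH (transport) + ESP (tunnel)
ah_transport_esp_tunnel = ipv4(IPPROTO_AH, G1, G2,
    ah(IPPROTO_ESP, 0x1001, 1, esp(0x2001, 1, IP1_UPPER)))
# [IP2][AH][IP1][ESP][upper]: assumed layout for AH (tunnel) + ESP (transport)
ah_tunnel_esp_transport = ipv4(IPPROTO_AH, G1, G2,
    ah(IPPROTO_IPIP, 0x1001, 1, ipv4(IPPROTO_ESP, H1, H2, esp(0x2001, 1, b"upper"))))
```

In the first packet the chain ends at the gateway's ESP header, so the whole inner datagram sits inside the ESP payload; in the second the inner IP header is visible in the clear ahead of ESP.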

