[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: Security Architecture for the Internet Protocol to

To: baiju.v.patel@intel.com (Patel, Baiju V)
Subject: Re: Last Call: Security Architecture for the Internet Protocol to
From: Dan McDonald <danmcd@Eng.Sun.Com>
Date: Fri, 27 Mar 1998 10:03:49 -0800 (PST)
Cc: peterf@microsoft.com, iesg@ns.ietf.org, ipsec@tis.com
In-Reply-To: <A1B6CB375930D11188D100A0C95A36BD0114785B@FMSMSX31> from "Patel, Baiju V" at Mar 27, 98 08:41:24 am
Sender: owner-ipsec@ex.tis.com

One of the biggest reasons we have AH is because there _are_ some things
in the middle of the "IP header" that need to be authenticated for them to be
simultaneously safe and useful.  The biggest example of this is source
routing.

I'll admit that I've never been in the operations business, but I've been
told that source routing is a very useful tool for diagnosing some classes of
problems.  AH allows source routing to be useful again w/o opening the holes
it opens.

--
Daniel L. McDonald  -  Solaris Internet Engineering  ||  MY OPINIONS ARE NOT
Mail: danmcd@eng       MS UMPK17-202                 ||  NOT NECESSARILY SUN'S!
Extension:  x86815               |"rising falling at force ten
WWW: http://jurassic.eng/~danmcd | we twist the world and ride the wind" - Rush

References:

RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

From: "Patel, Baiju V" <baiju.v.patel@intel.com>

Prev by Date: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Next by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Prev by thread: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Next by thread: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Index(es):
- Main
- Thread