
RE: [Karen Seo: Thomas Narten -- clarification, etc.]



I would agree with Steve's remark that none of these
choices are particularly palatable. 

Here is a solution that exists within IPSEC standards
that meets all the requirements and yet is not
confusing:

Use tunnel mode! Using AH or ESP with tunnel mode
will protect the IP header (including non-mutable and
mutable but predictable headers). I believe that
many people have suggested this option on this 
mailing list earlier and it will work and do the job.

Baiju

-----Original Message-----
From: owner-ipsec@ex.tis.com [mailto:owner-ipsec@ex.tis.com]On Behalf Of
Steve Bellovin
Sent: Thursday, April 30, 1998 12:27 PM
To: Theodore Y. Ts'o
Cc: Thomas Narten; jis@MIT.EDU; ipsec@tis.com; ipng@sunroof.eng.sun.com
Subject: Re: [Karen Seo: Thomas Narten -- clarification, etc.] 


	 None of these choices are particularly palatable.  Just so I
	 understand the IPV6 issues a little better --- how likely is
	 it that we will want to invent new extension headers?  And how
	 likely is it that the ordering will matter and that the new
	 extension header will have to be before the AH header, and
	 could not be placed after the AH header?

Well, Vern Paxson and I are talking about a new header right now -- and
it would have to be mutable.



