[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IBM VPN Bakeoff Issues

To: Daniel Harkins <dharkins@cisco.com>
Subject: Re: IBM VPN Bakeoff Issues
From: "Scott G. Kelly" <skelly@redcreek.com>
Date: Fri, 06 Nov 1998 17:31:58 -0800
CC: Stephen Waters <Stephen.Waters@digital.com>, Richard Draves <richdr@microsoft.com>, ipsec@tis.com
Organization: RedCreek Communications
References: <199811070121.RAA28335@chip.cisco.com>
Sender: owner-ipsec@ex.tis.com

Hi Dan,

Daniel Harkins wrote:

<trimmed...>

> > [IP2][AH][ESP][IP1][DATA][TLR]
> >
> > Clearly, the AH and ESP headers are adjacent, yet the modes are
> > different, and should be declared as such in the proposal.
> 
> You mean proposal_s_.
> 
> Proposing AH&ESP to protect tunneled traffic between 2 hosts is different than
> proposing ESP to protect tunneled traffic between 2 hosts (STOP, seperate
> negotiation) and then proposing AH to protect ESP traffic in transport mode
> between the 2 gateways. You can't express the "...protect ESP traffic" part
> of the AH proposal without specific client IDs which would be different than
> the client IDs for the ESP traffic. Since client IDs must be consistant across
> all offers they have to be seperate proposals.

Okay, I see what you mean. So, are you arguing that if someone wants
this construct, that we should, by convention, combine the AH/ESP
proposals using tunnel mode for both?

Scott

References:

Re: IBM VPN Bakeoff Issues

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Re: IBM VPN Bakeoff Issues
Next by Date: RE: IBM VPN Bakeoff Issues
Prev by thread: Re: IBM VPN Bakeoff Issues
Next by thread: RE: IBM VPN Bakeoff Issues
Index(es):
- Main
- Thread