Re: Deprecation of AH header from the IPSEC tool kit

[Michael Thomas <mat@cisco.com>]

Ben McCann writes:
 > >  Michael> This might be water well under the bridge, but has the
 > >  Michael> thought of having a mode to ESP which protects the outer
 > >  Michael> headers?
 > 
 > Aren't your goals met by using ESP _tunnel_ mode? Just tunnel the OSPF,
 > RIP, etc, packet from one box to the other. The tunneled packet has an
 > inner IP header is completely secured by ESP. This is the header seen
 > by OSPF, RIP, etc, once ESP completes the authentication of the packet.
 > 

   See my previous post. Throwing bytes at the problem
   is certainly one way to solve it, but it may not
   be practical in many, many cases.

		Mike

---

References:

• Deprecation of AH header from the IPSEC tool kit
• From: "Waters, Stephen" <Stephen.Waters@cabletron.com>
• Re: Deprecation of AH header from the IPSEC tool kit
• From: Paul Koning <pkoning@xedia.com>
• Re: Deprecation of AH header from the IPSEC tool kit
• From: Michael Thomas <mat@cisco.com>
• Re: Deprecation of AH header from the IPSEC tool kit
• From: Paul Koning <pkoning@xedia.com>
• Re: Deprecation of AH header from the IPSEC tool kit
• From: Michael Thomas <mat@cisco.com>
• Re: Deprecation of AH header from the IPSEC tool kit
• From: Paul Koning <pkoning@xedia.com>
• Re: Deprecation of AH header from the IPSEC tool kit
• From: Ben McCann <bmccann@indusriver.com>

---

• Prev by Date: Re: [Fwd: Deprecation of AH header from the IPSEC tool kit]
• Next by Date: Re: Deprecation of AH header from the IPSEC tool kit
• Prev by thread: Re: Deprecation of AH header from the IPSEC tool kit
• Next by thread: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
• Index(es):
  • Main
  • Thread