[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Deprecation of AH header from the IPSEC tool kit

To: bill.strahm@intel.com, ipsec@lists.tislabs.com, mat@cisco.com, mcr@solidum.com
Subject: RE: Deprecation of AH header from the IPSEC tool kit
From: John Ioannidis <ji@research.att.com>
Date: Thu, 15 Jun 2000 12:35:08 -0400 (EDT)
Sender: owner-ipsec@lists.tislabs.com

> about Security Policy a coworker and I came across a requirement for IPSO
> (RFC1108) U.S. Department of Defense Security Options for the Internet

In the presence of IPsec, IPSO (and CIPSO and stuff) are redundant.  One
can achieve the same effect by proper interpretation of SAs.  Any system
capable of verifying the AH header (so it can authenticate the IPSO)
can simply make policy decisions based on the SA.

/ji

Prev by Date: RE: Deprecation of AH header from the IPSEC tool kit
Next by Date: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
Prev by thread: RE: Deprecation of AH header from the IPSEC tool kit
Next by thread: Re: Deprecation of AH header from the IPSEC tool kit
Index(es):
- Main
- Thread