
RE: Deprecation of AH header from the IPSEC tool kit



> From: John Ioannidis [mailto:ji@research.att.com]
>
> > about Security Policy a coworker and I came across a requirement for IPSO
> > (RFC1108) U.S. Department of Defense Security Options for the Internet
> 
> In the presence of IPsec, IPSO (and CIPSO and stuff) are redundant.  One
> can achieve the same effect by proper interpretation of SAs.  Any system
> capable of verifying the AH header (so it can authenticate the IPSO)
> can simply make policy decisions based on the SA.
> 
> /ji

The security label can be used to select the SA in the first place.

Chris