[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Deprecation of AH header from the IPSEC tool kit
> Here is a picture. Note that the Hop-by-Hop IPsec might be ESP
> instead of AH; there is nothing (IMHO :-) worth protecting in the IPv6
> header in this scenario (unless using the mobile IP scenario that has
> been described on the list).
>
> <----------------------------- AH e -------------------------->
> <--- AH 1 ---> <--- ESP ---> <--- AH 2 ---> <--- AH 3 --->
>
If you are going to go through all this trouble, there is no point in
using hop-by-hop routing headers; just set up IP tunnels from each hop
to the next and be done with it!
/ji