[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecation of AH header from the IPSEC tool kit

To: Radia.Perlman@East.Sun.COM, clynn@bbn.com
Subject: Re: Deprecation of AH header from the IPSEC tool kit
From: John Ioannidis <ji@research.att.com>
Date: Fri, 16 Jun 2000 11:34:27 -0400 (EDT)
Cc: OSPF@discuss.microsoft.com, ipsec@lists.tislabs.com, isis-wg@juniper.net
Sender: owner-ipsec@lists.tislabs.com

> Here is a picture.  Note that the Hop-by-Hop IPsec might be ESP
> instead of AH; there is nothing (IMHO :-) worth protecting in the IPv6
> header in this scenario (unless using the mobile IP scenario that has
> been described on the list).
> 
>    <----------------------------- AH e -------------------------->
>    <--- AH 1 --->   <--- ESP --->   <--- AH 2 --->  <--- AH 3 --->
> 

If you are going to go through all this trouble, there is no point in
using hop-by-hop routing headers; just set up IP tunnels from each hop
to the next and be done with it!

/ji

Prev by Date: Mode Config and IKECFG ?
Next by Date: Re: Deprecation of AH header from the IPSEC tool kit
Prev by thread: RE: Deprecation of AH header from the IPSEC tool kit
Next by thread: Re: Deprecation of AH header from the IPSEC tool kit
Index(es):
- Main
- Thread