
Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit



>>>>> "RJ" == RJ Atkinson <rja@inet.org> writes:

 RJ> At 01:32 16/06/00 , Radia Perlman wrote:
 >> Ran said:
 >> 
 >> >> A counter-example is the Source Routing header, which can be
 >> >> authenticated hop-by-hop with AH ...
 >> 
 >> How do you authenticate something hop-by-hop when the key is only
 >> known end-to-end?

 RJ> Nothing in the ESP or AH specs prevents the key from being known
 RJ> at an intermediate point.  So the assumption that the key is only
 RJ> known end-to-end isn't always true.

I don't know about other people, but I'm not about to even consider
the notion of a "security" protocol where the key is known all over
the path.  No way.

    paul

