Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
>>>>> "RJ" == RJ Atkinson <rja@inet.org> writes:
RJ> At 01:32 16/06/00 , Radia Perlman wrote:
>> Ran said:
>>
>> >> A counter-example is the Source Routing header, which can be
>> >> authenticated hop-by-hop with AH ...
>>
>> How do you authenticate something hop-by-hop when the key is only
>> known end-to-end?
RJ> Nothing in the ESP or AH specs prevents the key from being known
RJ> at an intermediate point. So the assumption that the key is only
RJ> known end-to-end isn't always true.
I don't know about other people, but I'm not about to even consider
the notion of a "security" protocol where the key is known all over
the path. No way.
paul