[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC 2401 section 5.2.1

To: "Shoichi 'Ne' Sakane" <sakane@ydc.co.jp>
Subject: Re: RFC 2401 section 5.2.1
From: Henry Spencer <henry@spsystems.net>
Date: Tue, 28 Nov 2000 11:06:37 -0500 (EST)
cc: Francis.Dupont@enst-bretagne.fr, ipsec@lists.tislabs.com
In-Reply-To: <20001128233617M.sakane@ydc.co.jp>
Sender: owner-ipsec@lists.tislabs.com

(Note mobile-ip dropped from addressees list.)

On Tue, 28 Nov 2000, Shoichi 'Ne' Sakane wrote:
> > ...It would be better if they could also work with ESP.
> 
> ESP can not protect all part of a IP packet...

Correct.  Neither can AH, although it protects slightly more than ESP. 
The question is whether it is wise for protocol designers to rely on the
extra portions AH protects.  Where possible, they should avoid that. 

> I believe we need AH in spite of the IP version.

Perhaps.  But the existence of protocols which depend on it should not be
advanced as a reason, unless it is first demonstrated that those protocols
fundamentally need AH and could not work with ESP.

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: RFC 2401 section 5.2.1

From: Michael Thomas <mat@cisco.com>

References:

Re: RFC 2401 section 5.2.1

From: "Shoichi 'Ne' Sakane" <sakane@ydc.co.jp>

Prev by Date: Re: HI
Next by Date: Re: RFC 2401 section 5.2.1
Prev by thread: Re: RFC 2401 section 5.2.1
Next by thread: Re: RFC 2401 section 5.2.1
Index(es):
- Main
- Thread