[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Internet Draft for explicit security labels in IPv6.
It mandates a guarantee that the label on the IPv6 is authentic before trusting
it. In a link-local scope, where the label is proposed to be carried in the
destination header, ESP is mandatory and sufficient.
On a wider scope, AH is necessary.
Kais.
>
>This sounds like it mandates the use of AH, is that correct?
>
>Best Regards,
>Joseph D. Harwood
>jharwood@vesta-corp.com
>www.vesta-corp.com
>
>> -----Original Message-----
>> From: owner-ipsec@lists.tislabs.com
>> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Kais Belgaied
>> Sent: Wednesday, February 28, 2001 7:18 PM
>> To: ipng@sunroof.eng.sun.com; ipsec@lists.tislabs.com
>> Subject: Internet Draft for explicit security labels in IPv6.
>>
>>
>> Greetings,
>>
>> IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
>> within the premises of a trusted infrastructure.
>> IPv6 only has the implicit labeling by having different IPsec SAs convey
>> different labels.
>> We think there is a need to have explicit labels in IPv6, whether or not
>> IPsec is used.
>>
>> Please see draft-belgaied-ipv6-lsopt-00.txt
>>
>> http://www.ietf.org/internet-drafts/draft-belgaied-ipv6-lsopt-00.txt
>>
>>
>> Regards,
>> Kais.
>>
>>
>>