RE: Internet Draft for explicit security labels in IPv6.

[Kais Belgaied <kais@domus.ebay.sun.com>]

It mandates a guarantee that the label on the IPv6 is authentic before trusting
it. In a link-local scope, where the label is proposed to be carried in the
destination header, ESP is mandatory and sufficient.
On a wider scope, AH is necessary.

Kais.
 >
 >This sounds like it mandates the use of AH, is that correct?
 >
 >Best Regards,
 >Joseph D. Harwood
 >jharwood@vesta-corp.com
 >www.vesta-corp.com 
 >
 >> -----Original Message-----
 >> From: owner-ipsec@lists.tislabs.com
 >> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Kais Belgaied
 >> Sent: Wednesday, February 28, 2001 7:18 PM
 >> To: ipng@sunroof.eng.sun.com; ipsec@lists.tislabs.com
 >> Subject: Internet Draft for explicit security labels in IPv6.
 >> 
 >> 
 >> Greetings,
 >> 
 >> IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
 >> within the premises of a trusted infrastructure.
 >> IPv6 only has the implicit labeling by having different IPsec SAs convey
 >> different labels.
 >> We think there is a need to have explicit labels in IPv6, whether or not
 >> IPsec is used.
 >> 
 >> Please see draft-belgaied-ipv6-lsopt-00.txt
 >> 
 >> http://www.ietf.org/internet-drafts/draft-belgaied-ipv6-lsopt-00.txt
 >>     
 >>     
 >> Regards,
 >> Kais.
 >> 
 >> 
 >>

---

• Prev by Date: RE: Internet Draft for explicit security labels in IPv6.
• Next by Date: Re: Internet Draft for explicit security labels in IPv6.
• Prev by thread: Re: Internet Draft for explicit security labels in IPv6.
• Next by thread: Re: Internet Draft for explicit security labels in IPv6.
• Index(es):
  • Main
  • Thread