[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Internet Draft for explicit security labels in IPv6.
In message <200103011857.KAA10956@domus.ebay.sun.com>, Kais Belgaied writes:
>It mandates a guarantee that the label on the IPv6 is authentic before trustin
>g
>it. In a link-local scope, where the label is proposed to be carried in the
>destination header, ESP is mandatory and sufficient.
>On a wider scope, AH is necessary.
Or it could be bound to the certificate and recreated at the far end.
>
>Kais.
> >
> >This sounds like it mandates the use of AH, is that correct?
> >
> >Best Regards,
> >Joseph D. Harwood
> >jharwood@vesta-corp.com
> >www.vesta-corp.com
> >
> >> -----Original Message-----
> >> From: owner-ipsec@lists.tislabs.com
> >> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Kais Belgaied
> >> Sent: Wednesday, February 28, 2001 7:18 PM
> >> To: ipng@sunroof.eng.sun.com; ipsec@lists.tislabs.com
> >> Subject: Internet Draft for explicit security labels in IPv6.
> >>
> >>
> >> Greetings,
> >>
> >> IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
> >> within the premises of a trusted infrastructure.
> >> IPv6 only has the implicit labeling by having different IPsec SAs convey
> >> different labels.
> >> We think there is a need to have explicit labels in IPv6, whether or not
> >> IPsec is used.
> >>
> >> Please see draft-belgaied-ipv6-lsopt-00.txt
> >>
> >> http://www.ietf.org/internet-drafts/draft-belgaied-ipv6-lsopt-00.txt
> >>
> >>
> >> Regards,
> >> Kais.
> >>
> >>
> >>
>
>
>
--Steve Bellovin, http://www.research.att.com/~smb
Follow-Ups: