[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Draft for explicit security labels in IPv6.

To: Kais Belgaied <kais@domus.ebay.sun.com>
Subject: Re: Internet Draft for explicit security labels in IPv6.
From: Stephen Kent <kent@bbn.com>
Date: Thu, 1 Mar 2001 16:15:09 -0500
Cc: ipng@sunroof.eng.sun.com, ipsec@lists.tislabs.com
In-Reply-To: <200103010317.TAA06305@domus.ebay.sun.com>
References: <200103010317.TAA06305@domus.ebay.sun.com>
Sender: owner-ipsec@lists.tislabs.com

Kais,

>Greetings,
>
>IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
>within the premises of a trusted infrastructure.
>IPv6 only has the implicit labeling by having different IPsec SAs convey
>different labels.
>We think there is a need to have explicit labels in IPv6, whether or not
>IPsec is used.
>

Ipsec allows for both implicit and explicit labelling, according to 
RFC 2401. If one wishes to carry explicit security labels in the IP 
header, and to protect the integrity and authenticity of these 
labels, there are two options: use AH or use tunnel mode ESP and have 
the labels appear only in the inner IP header.

Steve

References:

Internet Draft for explicit security labels in IPv6.

From: Kais Belgaied <kais@domus.ebay.sun.com>

Prev by Date: Re: Internet Draft for explicit security labels in IPv6.
Next by Date: Re: Internet Draft for explicit security labels in IPv6.
Prev by thread: RE: Internet Draft for explicit security labels in IPv6.
Next by thread: RE: Internet Draft for explicit security labels in IPv6.
Index(es):
- Main
- Thread