[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Protocols that refer AH (was: Death to AH)

To: <sommerfeld@East.Sun.COM>, "Jun-ichiro itojun Hagino" <itojun@iijlab.net>
Subject: Protocols that refer AH (was: Death to AH)
From: "Jari Arkko" <jari.arkko@kolumbus.fi>
Date: Sat, 24 Mar 2001 20:43:29 +0200
Cc: "IP Security List" <ipsec@lists.tislabs.com>
References: <20010324115506.9ABE97E7E@starfruit.itojun.org>
Sender: owner-ipsec@lists.tislabs.com


> here are a (probably incomplete) list of protocols that says "use
> IPsec to secure traffic".  in IPv4 they provided upper-layer mechanism
> to secure the protocol, and now they do not provide upper-layer
> mechanism for IPv6 because they rely upon IPsec
> though I need to diagnose each of them further, my take is that
> for routing protocols we prefer transport mode AH than ESP.
> 
> - mobile-ip6
> a lot of extension headers need protection, we do not really
> want encryption for most of these
> - RIPng (RFC2080)
> explicitly refers AH and ESP
> - OSPFv3 (RFC2740)
> explicitly refers AH and ESP
> - IPv6 router renumbering (RFC2894)
> tries to protect site-local multicast by IPsec!
> - IPv6 tunnel broker (RFC3053)

A lot of pure IPv6 (e.g. RFC 2461) refers explicitly to AH (see
e.g. section 4.1). I consider this to be a bug, but thought that
I should mention that many such references exist.

Jari

Follow-Ups:

Re: Protocols that refer AH (was: Death to AH)

From: "Scott Fanning" <sfanning@cisco.com>

References:

Re: Death to AH (was Re: SA identification)

From: Jun-ichiro itojun Hagino <itojun@iijlab.net>

Prev by Date: Re: Two issues: AH death, and SA identification
Next by Date: IPSec Working Group for VPNs
Prev by thread: Re: Death to AH (was Re: SA identification)
Next by thread: Re: Protocols that refer AH (was: Death to AH)
Index(es):
- Main
- Thread