[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AW: Why can't ESP authenticate IP header?
Hello Lokesh,
>Can anyone help me to find an answers to following questions
>
>1. One of the reasons cited in support of AH is that
> it is needed for mobile IP users since, their ip addresses
> change and need Authentication for the source IP address
> that can be done by AH. Here I want to know, why can't
> we make ESP authenticate IP header also? are there any
> other issues involved in this?
The ESP authentication does not include the IP-header, which is
included in the AH authentication. Also you would need a
none-encryption for the ESP-'encryptor' which is discouraged.
>2. Apart from mobile ip user reason, is there any other
> requirement that needs AH ?
Huh, I think the whole IPv6-world depends heavily on IPsec
and especially AH to authenticate Router-Advertisements and
such.
There are not so many IPv6 folks active in the IPsec area,
or the other way around, therefore it tends to be forgotten.
Cheers,
Thomas
********************************************
Dipl. Inform. Thomas Scheffler
T-Systems Nova GmbH
Berkom
Berlin, Germany
Tel: ++49 (0)30 - 3497 2274
Fax: ++49 (0)30 - 3497 2275
email: thomas.scheffler@telekom.de
#>Custom designed reality is a labour intensive product
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
Follow-Ups: