RE: Why can't ESP authenticate IP header?

[Pravin Kantak <pravin@intotoinc.com>]

hello folks,

         can somebody point me to the discussion on securing the routing 
updates with IPSec. it would be very interesting to follow up that 
discussion. i think, nasty things like OSPF and RIPv2 are still being 
worked on under the heading "IPSec multicast support".

thank you,
- pravin

At 09:47 AM 9/21/01 -0700, Bora Akyol wrote:
>Lokesh
>
>There are times when one only  needs authentication but not encryption. For
>example, routing protocol updates will be authenticated but not encrypted.
>Authentication for BGP, for example, would be a **good** thing (tm).
>
>AH fits the bill for this type of application whereas ESP would be overkill.
>Also, I am not sure how many ESP implementations include NULL encryption.
>
>Regards
>
>Bora
>



*********************************************************************
Pravin Kantak,                          http://www.intotoinc.com
Intoto Inc.                             voice : (408)844-0480 Ext 318
3160, De La Cruz Blvd, #100,            fax   : (408)844-0488
Santa Clara, CA - 95054
*********************************************************************

---

Follow-Ups:

• RE: Why can't ESP authenticate IP header?
• From: Stephen Kent <kent@bbn.com>

References:

• RE: Why can't ESP authenticate IP header?
• From: Bora Akyol <akyol@allegrosys.com>

---

• Prev by Date: RE: Why can't ESP authenticate IP header?
• Next by Date: RE: Why can't ESP authenticate IP header?
• Prev by thread: RE: Why can't ESP authenticate IP header?
• Next by thread: RE: Why can't ESP authenticate IP header?
• Index(es):
  • Main
  • Thread