[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Why can't ESP authenticate IP header?



This is good work, but did not get a lot of traction in the IDR WG due to
concern on taxing router CPUs that are already taxed.

BTW, (afaik) the BBN work is aimed at authenticating individual advertised
prefixes as opposed to communication between the hosts which relies on TCP
MD5 authentication. The authentication of prefixes prevents a renegade BGP
speaker from taking down a portion Internet. The current system in place is
based mainly on trust.

Bora


|-----Original Message-----
|From: Stephen Kent [mailto:kent@bbn.com]
|Sent: Friday, September 21, 2001 1:14 PM
|To: Pravin Kantak
|Cc: Bora Akyol; Scheffler, Thomas; ipsec@lists.tislabs.com
|Subject: RE: Why can't ESP authenticate IP header?
|
|
|For use of IPsec with BGP (S-BGP), see the following web site 
|for details:
|
|www.ir.bbn.com/projects/sbgp
|


Follow-Ups: