[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why can't ESP authenticate IP header?

To: sommerfeld@East.Sun.COM
Subject: Re: Why can't ESP authenticate IP header?
From: "john ipsec" <ipsec123@hotmail.com>
Date: Fri, 21 Sep 2001 20:20:42 -0400
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com


>By allowing SA's to have a source address attribute and checking this
>on receipt (as suggested by Steve Bellovin a long time ago).

Thanks for the info. Can the same trick be applied AH, assuming AH does not 
hash part of the IP header? Of cause, AH includes more bits of the IP header 
than just the source address.

What confuses me is that ESP provides authentication similar to AH, but does 
it in a different way.

Thanks,
John


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

Follow-Ups:

Re: Why can't ESP authenticate IP header?

From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Re: Why can't ESP authenticate IP header?

From: Dan McDonald <danmcd@East.Sun.COM>

Prev by Date: Re: Why can't ESP authenticate IP header?
Next by Date: Re: Why can't ESP authenticate IP header?
Prev by thread: Re: Why can't ESP authenticate IP header?
Next by thread: Re: Why can't ESP authenticate IP header?
Index(es):
- Main
- Thread