[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Specification of tunnel/transport attribute in IKEv2

To: andrew.krywaniuk@alcatel.com
Subject: Re: Specification of tunnel/transport attribute in IKEv2
From: Markku Savela <msa@burp.tkv.asdf.org>
Date: Thu, 9 May 2002 01:22:35 +0300
CC: ipsec@lists.tislabs.com
In-reply-to: <001001c1f6ce$83bf1b00$1e72788a@ca.alcatel.com>(andrew.krywaniuk@alcatel.com)
References: <001001c1f6ce$83bf1b00$1e72788a@ca.alcatel.com>
Sender: owner-ipsec@lists.tislabs.com


> Also, we decided that the ordering of the protocols in the proposal
> shouldn't matter, since the only ordering that makes sense is
> [AH][ESP]

But, if I do *WANT* to do [ESP][AH]? Basicly, I want to check IP
headers, but not wanting the sniffers to know that I'm checking...

...and if someone wonders what is checked: if I have

  [IP-hdrs][ESP][AH]...

then first ESP gets applied and removed resulting

  [IP-hdrs][AH]...

and then AH checks the IP-hdrs.

(and yes, the IPSEC I wrote can do this, if IKE wouldn't object.. :-)

Follow-Ups:
- RE: Specification of tunnel/transport attribute in IKEv2
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:
- Specification of tunnel/transport attribute in IKEv2
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Prev by Date: Specification of tunnel/transport attribute in IKEv2
Next by Date: RE: ESP+AH
Prev by thread: Specification of tunnel/transport attribute in IKEv2
Next by thread: RE: Specification of tunnel/transport attribute in IKEv2
Index(es):
- Date
- Thread