Re: SEND vs. IPsec AH (was Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt...)

Stephen Kent wrote:

>> Another group of people who have been saying that they want to use AH is
>> the Mobile IP people. What do they want? Is the current spec fine with them
>> or do they want similar processing to SEND?

Mobile IPv6 does not employ AH. Most of the security solution
in MIPv6 is in the "application" layer. It does use ESP
for one thing, namely the protection of signaling between
the mobile node and its home agent where traditional
security associations can be assumed to exist. It does
place some requirements on IPsec, but the requirements
for SEND are tougher.

I still think the current SEND approach is within the bounds
of the IPsec architecture. And I think it would be a good
idea for the IETF to think about where it will apply AH, and
what its future role is. However, I suspect an ND layer
solution would be a surer bet, mainly because in SEND
it would have access to all information, such as some
of the addresses that don't appear in the IP header.