
Re: AH and mutable fields, how deep to look?



At 12:18 +0200 12/9/03, Markku Savela wrote:
>[I tried to send a message about this last week, but it disappeared...]
>
>With following
>
>    IP Ext.-Headers1 AH Ext.-Headers2 ...
>
>The TAHI test assumes that the "mutable field" processing is also done
>for Ext.Headers2. I always had the misconception(?), and my
>implementation also has it, that the payload after AH is treated as
>opaque bits and immutable.
>
>I find my interpretation, of course, saner (and simpler). However, AH
>RFC seems to support TAHI's interpretation (at least the ASCII
>graphics).
>
>If my interpretation is wrong, then the followup question is: how deep
>are you supposed to scan? Say,
>
>    IP ext1 AH ext2 IP-tunnel ext3 ...etc..
>
>Then, an unknown (to the SG) extension header inside ext3 would
>totally unnecessarily break the IPSEC...

The intent was to treat everything after AH as opaque, in IPv6 as 
well as IPv4. What change to the graphics would help convey this 
better?

Steve
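[Added example, not part of the original thread and not code from any IPsec implementation mentioned in it. It builds IPv6 | Hop-by-Hop | AH | Destination Options | payload with a mutable option on each side of AH and computes the AH ICV input both ways: everything after AH treated as opaque bytes (the intent Steve states above) and mutable-field processing continued past AH (the TAHI reading Markku describes). Assumptions: HMAC-SHA-256-128 as the integrity algorithm, an invented option type 0x3E with the change-en-route bit set, 2001:db8:: documentation addresses, and no Routing or Fragment header in the chain.]

```python
# Constructed example: AH ICV input for  IPv6 | HBH | AH | DstOpts | payload
# under both readings from the thread.  Integrity algorithm assumed: HMAC-SHA-256-128.
import hashlib, hmac, ipaddress, struct

NH_HOPOPTS, NH_AH, NH_DSTOPTS, NH_UDP = 0, 51, 60, 17
OPT_CHANGE_EN_ROUTE = 0x20   # option-type bit: option data may change en route
OPT_MUTABLE = 0x3E           # constructed option type: skip-if-unknown, mutable, number 30
ICV_LEN = 16                 # HMAC-SHA-256-128 ICV length
SRC = ipaddress.IPv6Address("2001:db8::1").packed   # documentation-prefix addresses
DST = ipaddress.IPv6Address("2001:db8::2").packed

def option(opt_type, data):
    return bytes([opt_type, len(data)]) + data

def opts_header(next_header, options):
    """Hop-by-Hop / Destination Options header, padded to a multiple of 8 octets."""
    body = b"".join(options)
    pad = (-(2 + len(body))) % 8
    if pad == 1:
        body += b"\x00"                                # Pad1
    elif pad > 1:
        body += bytes([1, pad - 2]) + bytes(pad - 2)   # PadN
    return bytes([next_header, (2 + len(body)) // 8 - 1]) + body

def ah_header(next_header, spi, seq, icv):
    # Payload Len = AH length in 32-bit words minus 2
    return struct.pack("!BBHII", next_header, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def ipv6_header(tc, flow, payload_len, next_header, hop_limit):
    vtf = (6 << 28) | (tc << 20) | flow
    return struct.pack("!IHBB", vtf, payload_len, next_header, hop_limit) + SRC + DST

def walk_ext_headers(pkt):
    """Yield (next-header value, offset, length) for each HBH/AH/DstOpts header.
    Routing and Fragment headers are not modelled here."""
    nh, off = pkt[6], 40
    while nh in (NH_HOPOPTS, NH_AH, NH_DSTOPTS):
        length = (pkt[off + 1] + 2) * 4 if nh == NH_AH else (pkt[off + 1] + 1) * 8
        yield nh, off, length
        nh, off = pkt[off], off + length

def zero_mutable_options(hdr):
    """Zero the data of every option whose type has the change-en-route bit set."""
    out, i = bytearray(hdr), 2
    while i < len(out):
        if out[i] == 0:            # Pad1 is a single octet
            i += 1
            continue
        length = out[i + 1]
        if out[i] & OPT_CHANGE_EN_ROUTE:
            out[i + 2:i + 2 + length] = bytes(length)
        i += 2 + length
    return bytes(out)

def ah_icv_input(pkt, scan_after_ah):
    """Packet with mutable fields zeroed, as fed to the MAC.  scan_after_ah=False
    treats everything past AH as opaque (Steve's intent); True is the TAHI reading."""
    out = bytearray(pkt)
    out[0:4] = b"\x60\x00\x00\x00"   # keep version 6; zero Traffic Class and Flow Label
    out[7] = 0                       # zero Hop Limit
    past_ah = False
    for nh, off, length in walk_ext_headers(pkt):
        if nh == NH_AH:
            out[off + 12:off + length] = bytes(length - 12)   # zero the ICV field
            past_ah = True
        elif past_ah and not scan_after_ah:
            break                    # opaque from here on
        else:
            out[off:off + length] = zero_mutable_options(pkt[off:off + length])
    if not past_ah:
        raise ValueError("no AH in the extension header chain")
    return bytes(out)

def ah_icv(key, pkt, scan_after_ah):
    return hmac.new(key, ah_icv_input(pkt, scan_after_ah), hashlib.sha256).digest()[:ICV_LEN]

def build_packet(key, scan_after_ah):
    """Sender: IPv6 | HBH(mutable opt) | AH | DstOpts(mutable opt) | payload."""
    hbh = opts_header(NH_AH, [option(OPT_MUTABLE, b"\x11\x22\x33\x44")])
    dst = opts_header(NH_UDP, [option(OPT_MUTABLE, b"\xaa\xbb\xcc\xdd")])
    payload = b"constructed transport payload"
    ah = ah_header(NH_DSTOPTS, spi=0x1234, seq=1, icv=bytes(ICV_LEN))
    plen = len(hbh) + len(ah) + len(dst) + len(payload)
    pkt = bytearray(ipv6_header(0x28, 0xABCDE, plen, NH_HOPOPTS, 64) + hbh + ah + dst + payload)
    ah_off = 40 + len(hbh)
    pkt[ah_off + 12:ah_off + len(ah)] = ah_icv(key, bytes(pkt), scan_after_ah)
    return bytes(pkt)

def verify(key, pkt, scan_after_ah):
    """Receiver: compare the carried ICV against a fresh computation."""
    ah_off, ah_len = next((o, n) for nh, o, n in walk_ext_headers(pkt) if nh == NH_AH)
    return hmac.compare_digest(pkt[ah_off + 12:ah_off + ah_len], ah_icv(key, pkt, scan_after_ah))

def in_transit(pkt, rewrite_after_ah):
    """Simulated router: decrement Hop Limit, rewrite the HBH mutable option's data,
    and optionally also rewrite the mutable option sitting after AH in DstOpts."""
    out = bytearray(pkt)
    out[7] -= 1
    offs = {nh: off for nh, off, _ in walk_ext_headers(pkt)}
    out[offs[NH_HOPOPTS] + 4:offs[NH_HOPOPTS] + 8] = b"\x00\x00\x00\x01"
    if rewrite_after_ah:
        out[offs[NH_DSTOPTS] + 4:offs[NH_DSTOPTS] + 8] = b"\x00\x00\x00\x02"
    return bytes(out)

if __name__ == "__main__":
    key = b"constructed demo key"
    pkt = build_packet(key, scan_after_ah=False)
    print(verify(key, in_transit(pkt, False), False))   # True: hop limit / HBH change tolerated
    print(verify(key, in_transit(pkt, True), False))    # False: post-AH bytes are covered verbatim
    print(verify(key, pkt, True))                       # False: receiver using the TAHI reading
```

The three prints show the thread's concern concretely: a hop-limit decrement or a rewrite of the mutable option before AH verifies under either reading, a router touching the mutable option after AH breaks verification under the opaque reading, and a sender and receiver that disagree on which reading to use fail to interoperate even with no change in transit, which is the situation a conformance test like TAHI would flag.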