[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH and mutable fields, how deep to look?

To: itojun@itojun.org (Jun-ichiro itojun Hagino)
Subject: Re: AH and mutable fields, how deep to look?
From: Stephen Kent <kent@bbn.com>
Date: Fri, 12 Dec 2003 09:42:21 -0500
Cc: ipsec@lists.tislabs.com
In-reply-to: <20031212022810.9CD5C9F@coconut.itojun.org>
References: <200312110952.hBB9q5Qo019991@burp.tkv.asdf.org><20031212022810.9CD5C9F@coconut.itojun.org>
Sender: owner-ipsec@lists.tislabs.com

>  > To make it clear, perhaps change the graphics into (not too happy with
>>  this, but):
>>
>>        ------------------------------------------------------------
>>  IPv6  |             |hop-by-hop, dest*, |    | dest |     |      |
>>        |orig IP hdr  |routing, fragment. | AH | opt* | TCP | Data |
>>        ------------------------------------------------------------
>>        |<-- mutable fields processing -->/////<--immutable------->|
>>        |<---- authenticated except for mutable fields ----------->|
>
>	this is important, when implementing multiple AH on a packet
>	(crazy example but possible, and we had interop problem in Connectathon
>	between KAME and Solaris)
>
>itojun

I'm not sure I understand your comment. Are you saying that the 
diagram above is right and handles nested AH instances as you would 
like, or that it is not right?

Steve

Follow-Ups:
- Re: AH and mutable fields, how deep to look?
  - From: itojun@itojun.org (Jun-ichiro itojun Hagino)

References:
- Re: AH and mutable fields, how deep to look?
  - From: Markku Savela <msa@burp.tkv.asdf.org>
- Re: AH and mutable fields, how deep to look?
  - From: itojun@itojun.org (Jun-ichiro itojun Hagino)

Prev by Date: Re: AH and mutable fields, how deep to look?
Next by Date: Re: AH and mutable fields, how deep to look?
Previous by thread: Re: AH and mutable fields, how deep to look?
Next by thread: Re: AH and mutable fields, how deep to look?
Index(es):
- Date
- Thread