
Re: AH and mutable fields, how deep to look?



> >>  To make it clear, perhaps change the graphics into (not too happy with
> >>  this, but):
> >>
> >>        ------------------------------------------------------------
> >>  IPv6  |             |hop-by-hop, dest*, |    | dest |     |      |
> >>        |orig IP hdr  |routing, fragment. | AH | opt* | TCP | Data |
> >>        ------------------------------------------------------------
> >>        |<-- mutable fields processing -->/////<--immutable------->|
> >>        |<---- authenticated except for mutable fields ----------->|
> >
> >	this is important, when implementing multiple AH on a packet
> >	(crazy example but possible, and we had an interop problem in Connectathon
> >	between KAME and Solaris)
> >
> >itojun
> 
> I'm not sure I understand your comment. Are you saying that the 
> diagram above is right and handles nested AH instances as you would 
> like, or that it is not right?

	we can have multiple AH in a packet, like
		IPv6 AH1 AH2 payload
	and when we compute the cipher checksum for AH1, AH2 should be handled
	as an immutable header.

itojun
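
An added example, not part of the original message or of either implementation mentioned in the thread: it computes AH1's checksum over `IPv6 AH1 AH2 payload` with AH2 kept intact as an immutable header, next to a hypothetical peer that also blanks AH2's Authentication Data. HMAC-SHA1-96, the fixed offsets, the key, SPIs, addresses and AH2's placeholder ICV are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

AH, TCP, ICV_LEN, AH_LEN = 51, 6, 12, 24   # HMAC-SHA1-96: 12-byte ICV, 24-byte AH

def ah_header(next_hdr, spi, seq, icv=bytes(ICV_LEN)):
    # Payload Len field = AH length in 32-bit words minus 2
    return struct.pack("!BBHII", next_hdr, AH_LEN // 4 - 2, 0, spi, seq) + icv

def ipv6_header(payload_len, next_hdr, hop_limit, tc_flow=0):
    src, dst = bytes(15) + b"\x01", bytes(15) + b"\x02"   # constructed addresses
    first_word = (6 << 28) | tc_flow
    return struct.pack("!IHBB", first_word, payload_len, next_hdr, hop_limit) + src + dst

def ah1_icv(key, packet, inner_ah_immutable=True):
    """ICV for the first AH (offset 40) of IPv6 | AH1 | AH2 | payload."""
    buf = bytearray(packet)
    buf[0:4] = struct.pack("!I", 6 << 28)        # mutable: traffic class, flow label
    buf[7] = 0                                   # mutable: hop limit
    buf[40 + 12:40 + AH_LEN] = bytes(ICV_LEN)    # AH1's own ICV field is zeroed
    if not inner_ah_immutable:                   # hypothetical peer: blanks AH2's ICV too
        buf[64 + 12:64 + AH_LEN] = bytes(ICV_LEN)
    return hmac.new(key, bytes(buf), hashlib.sha1).digest()[:ICV_LEN]

def build_packet(key1, hop_limit=64, tc_flow=0):
    payload = b"constructed upper-layer data"
    ah2 = ah_header(TCP, spi=0x2002, seq=1, icv=b"\xa5" * ICV_LEN)  # placeholder ICV
    ah1 = ah_header(AH, spi=0x1001, seq=1)
    ip = ipv6_header(2 * AH_LEN + len(payload), AH, hop_limit, tc_flow)
    pkt = bytearray(ip + ah1 + ah2 + payload)
    pkt[52:64] = ah1_icv(key1, bytes(pkt))       # sender treats AH2 as immutable
    return bytes(pkt)

def verify_ah1(key, packet, inner_ah_immutable=True):
    expected = ah1_icv(key, packet, inner_ah_immutable)
    return hmac.compare_digest(expected, packet[52:64])

if __name__ == "__main__":
    key = b"k" * 20                              # constructed key
    pkt = build_packet(key)
    print("same rule on both ends:", verify_ah1(key, pkt))
    print("receiver blanks AH2 ICV:", verify_ah1(key, pkt, inner_ah_immutable=False))
```
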