Re: AH and mutable fields, how deep to look?
> >> To make it clear, perhaps change the graphics into (not too happy with
> >> this, but):
> >>
> >>       ------------------------------------------------------------
> >> IPv6  |             |hop-by-hop, dest*, |    | dest |     |      |
> >>       |orig IP hdr  |routing, fragment. | AH | opt* | TCP | Data |
> >>       ------------------------------------------------------------
> >>       |<-- mutable fields processing -->/////<--immutable------->|
> >>       |<---- authenticated except for mutable fields ----------->|
> >
> > this is important when implementing multiple AH on a packet
> > (crazy example but possible, and we had an interop problem at Connectathon
> > between KAME and Solaris)
> >
> >itojun
>
> I'm not sure I understand your comment. Are you saying that the
> diagram above is right and handles nested AH instances as you would
> like, or that it is not right?

we can have multiple AH in a packet, like
	IPv6 AH1 AH2 payload
and when we compute the cipher checksum for AH1, AH2 should be handled
as an immutable header.

itojun
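
The AH1 computation described above, as an added example that is not part of the original thread and not KAME or Solaris code: a Python model of the ICV input for `IPv6 AH1 AH2 payload`. It assumes HMAC-SHA1-96, no extension headers, and constructed addresses, SPIs, key and AH2 ICV; all function names are hypothetical.

```python
import hashlib, hmac, struct

AH = 51  # IPv6 Next Header value for AH

def ipv6_header(payload_len, next_hdr, hop_limit, src, dst, tclass=0, flow=0):
    vtf = (6 << 28) | (tclass << 20) | flow
    return struct.pack("!IHBB", vtf, payload_len, next_hdr, hop_limit) + src + dst

def ah_header(next_hdr, spi, seq, icv=bytes(12)):
    # Payload Len field = AH length in 32-bit words, minus 2
    plen = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_hdr, plen, 0, spi, seq) + icv

def zero_ipv6_mutable(hdr):
    # Mutable in transit: traffic class, flow label, hop limit -> zeroed
    return struct.pack("!I", 6 << 28) + hdr[4:7] + b"\x00" + hdr[8:]

def ah1_icv(key, ip_hdr, ah1, rest):
    # AH1's own ICV field is zeroed; everything after AH1 (AH2 with its
    # ICV, then the payload) is fed in unchanged, i.e. treated as immutable.
    data = zero_ipv6_mutable(ip_hdr) + ah1[:12] + bytes(len(ah1) - 12) + rest
    return hmac.new(key, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def build_packet(key, hop_limit=64):
    # All values below are constructed for the example.
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    payload = b"constructed upper-layer bytes"
    ah2 = ah_header(6, 0x2002, 1, icv=bytes(range(12)))  # inner AH, opaque ICV
    ah1 = ah_header(AH, 0x1001, 1)                       # outer AH, ICV pending
    ip = ipv6_header(len(ah1) + len(ah2) + len(payload), AH, hop_limit, src, dst)
    ah1 = ah1[:12] + ah1_icv(key, ip, ah1, ah2 + payload)
    return ip, ah1, ah2 + payload

def verify_ah1(key, ip_hdr, ah1, rest):
    return hmac.compare_digest(ah1[12:], ah1_icv(key, ip_hdr, ah1, rest))

if __name__ == "__main__":
    key = b"constructed-key-for-AH1"
    ip, ah1, rest = build_packet(key)
    print("as sent:", verify_ah1(key, ip, ah1, rest))
    hop = ip[:7] + b"\x3f" + ip[8:]                      # hop limit decremented
    print("hop limit changed:", verify_ah1(key, hop, ah1, rest))
    bad = rest[:12] + bytes([rest[12] ^ 1]) + rest[13:]  # AH2 ICV altered
    print("AH2 ICV changed:", verify_ah1(key, ip, ah1, bad))
```

An implementation that zeroed the inner AH2 ICV while verifying AH1 would compute a different value from the sender's, which is the kind of mismatch that shows up as an interop failure.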