Re[4]: AH (without ESP) on a secure gateway

Karl Fox <karl@ascend.com> Mon, 02 December 1996 23:19 UTC

Date: Mon, 02 Dec 1996 15:21:40 -0800
Message-Id: <199612022321.PAA04467@gump.eng.ascend.com>
From: Karl Fox <karl@ascend.com>
To: "Whelan, Bill" <bwhelan@nei.com>
Cc: Bill Sommerfeld <sommerfeld@apollo.hp.com>, kent@bbn.com, ho@earth.hpc.org, ipsec@tis.com
Subject: Re[4]: AH (without ESP) on a secure gateway
In-Reply-To: <9611028495.AA849576552@netx.nei.com>
References: <9611028495.AA849576552@netx.nei.com>
Reply-To: Karl Fox <karl@ascend.com>
Organization: Ascend Communications

Bill Whelan writes:
> >Hmm.  Which "protocol tower" are we talking about, anyhow?
> 
> > IP[H1->H2],AH[R1->R2],...
> 
> >or
> 
> > IP[R1->R2],AH[R1->R2],IP[H1->H2],...
> 
> >(R1,R2 are routers, H1,H2 are hosts; the problem is only interesting
> >if we assume H2 != R2).
...
> Unless I'm really confused, the latter case is not even provided for in the 
> specifications...

I certainly hope the latter case is legal, because it's used by quite
a number of encrypting firewalls.
-- 
Karl Fox, servant of God, employee of Ascend Communications
3518 Riverside Drive, Suite 101, Columbus, Ohio 43221   +1 614 326 6841