FW: IPSEC WORKING GROUP LAST CALL
"Patel, Baiju V" <baiju.v.patel@intel.com> Mon, 02 March 1998 12:07 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id HAA20646 for ipsec-outgoing; Mon, 2 Mar 1998 07:07:22 -0500 (EST)
Message-ID: <A1B6CB375930D11188D100A0C95A36BD011477A6@FMSMSX31>
From: "Patel, Baiju V" <baiju.v.patel@intel.com>
To: 'ipsec' <ipsec@tis.com>
Subject: FW: IPSEC WORKING GROUP LAST CALL
Date: Fri, 27 Feb 1998 14:57:19 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.1960.3)
Content-Type: text/plain
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Mark help me understand what is in the latest documents on the issues I had raised and I appreciate him sending it to me in a private mail. I am forwarding it to the mailist list for everyone's benefit. Once again, thanks Mark. Baiju > -----Original Message----- > From: mark@mentat.com [SMTP:mark@mentat.com] > Sent: Friday, February 27, 1998 12:26 PM > To: baiju.v.patel@intel.com > Subject: RE: IPSEC WORKING GROUP LAST CALL > > Baiju, > > I'm sending this just to you, not the list.... Please read the specs > more carefully to answer your very basic questions, see my comments > below for clues. > > > Transform ID Value > > ------------ ----- > > RESERVED 0-1 > > AH_MD5 2 > > AH_SHA 3 > > AH_DES 4. > > > > I do not see an AH NULL here. > > Correct. We're talking about AH, not ESP there. It is not allowed to > have a NULL or no authentication with the authentication header (AH), > thats > its purpose in life! > > > > > ESP specs to not have authentication data optional. therefore, we > do > > need this field. If we indeed managed to specify null > authentication > > what will be the length of this field and what would we put there. > > Please read draft-ietf-ipsec-esp-v2-03.txt and note in particular the > following section. There are also numerous references throughout the > document to this issue of ESP without authentication. > > 2.7 Authentication Data > > The Authentication Data is a variable-length field containing an > Integrity Check Value (ICV) computed over the ESP packet minus > the > Authentication Data. The length of the field is specified by the > authentication function selected. The Authentication Data field > is > optional, and is included only if the authentication service has > been > selected for the SA in question. The authentication algorithm > specification MUST specify the length of the ICV and the > comparison > rules and processing steps for validation. > > > Also, note the following text from section 4.5 of the document > draft-ietf-ipsec-ipsec-doi-07.txt. This explains how to have ESP > negotiated without an authentication algorithm. > > There is no default value for Auth Algorithm, as it must be > specified to correctly identify the applicable AH or ESP > transform, except in the following case. > > When negotiating ESP without authentication, the Auth > Algorithm attribute MUST NOT be included in the proposal. > > > > Hope this helps! Perhaps once you're re-read these documents > carefully > you'll see how to use AH+ESP effectively or perhaps decide ESP alone > is sufficient, perhaps in tunnel mode. > > > -- Marc --
- IPSEC WORKING GROUP LAST CALL Theodore Y. Ts'o
- IPSEC WORKING GROUP LAST CALL Ben Rogers
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- Re: IPSEC WORKING GROUP LAST CALL David Carrel
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- Re: IPSEC WORKING GROUP LAST CALL Tero Kivinen
- Re: IPSEC WORKING GROUP LAST CALL Matt Thomas
- Re: IPSEC WORKING GROUP LAST CALL Ramesh Kamath
- Re: IPSEC WORKING GROUP LAST CALL Theodore Y. Ts'o
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- Re: IPSEC WORKING GROUP LAST CALL Theodore Y. Ts'o
- RE: IPSEC WORKING GROUP LAST CALL Rob Adams
- Re: IPSEC WORKING GROUP LAST CALL Dave Mason
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- Re: IPSEC WORKING GROUP LAST CALL Derrell D. Piper
- RE: IPSEC WORKING GROUP LAST CALL Robert Moskowitz
- Re: IPSEC WORKING GROUP LAST CALL Marcus Leech
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- RE: IPSEC WORKING GROUP LAST CALL Steven M. Bellovin
- Re: IPSEC WORKING GROUP LAST CALL Steven M. Bellovin
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- RE: IPSEC WORKING GROUP LAST CALL Norman Shulman
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- RE: IPSEC WORKING GROUP LAST CALL Roy Pereira
- Re: IPSEC WORKING GROUP LAST CALL Ben Rogers
- RE: IPSEC WORKING GROUP LAST CALL Rob Adams
- RE: IPSEC WORKING GROUP LAST CALL Roy Pereira
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- Re: IPSEC WORKING GROUP LAST CALL Jim Gillogly
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- RE: IPSEC WORKING GROUP LAST CALL Steve Goldhaber
- Re: IPSEC WORKING GROUP LAST CALL Dave Mason
- Re: IPSEC WORKING GROUP LAST CALL Marcus Leech
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- Re: IPSEC WORKING GROUP LAST CALL Lewis McCarthy
- Re: IPSEC WORKING GROUP LAST CALL Lewis McCarthy
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- Re: IPSEC WORKING GROUP LAST CALL M.C.Nelson
- Re: IPSEC WORKING GROUP LAST CALL Alex Alten
- Re: IPSEC WORKING GROUP LAST CALL Steven M. Bellovin
- Re: IPSEC WORKING GROUP LAST CALL EKR
- Re: IPSEC WORKING GROUP LAST CALL Ben Rogers
- Re: IPSEC WORKING GROUP LAST CALL Michael C. Richardson
- Re: IPSEC WORKING GROUP LAST CALL Perry E. Metzger
- Re: IPSEC WORKING GROUP LAST CALL M.C.Nelson
- Re: IPSEC WORKING GROUP LAST CALL M.C.Nelson
- Re: IPSEC WORKING GROUP LAST CALL Derrell D. Piper
- RE: IPSEC WORKING GROUP LAST CALL Patel, Baiju V
- Re: IPSEC WORKING GROUP LAST CALL Theodore Y. Ts'o
- Re: IPSEC WORKING GROUP LAST CALL Alex Alten
- RE: IPSEC WORKING GROUP LAST CALL Stephen Kent
- RE: IPSEC WORKING GROUP LAST CALL Patel, Baiju V
- RE: IPSEC WORKING GROUP LAST CALL Steven M. Bellovin
- Re: IPSEC WORKING GROUP LAST CALL Henry Spencer
- Re: IPSEC WORKING GROUP LAST CALL Marcus Leech
- Re: IPSEC WORKING GROUP LAST CALL Lewis McCarthy
- Re: IPSEC WORKING GROUP LAST CALL Alex Alten
- Re: IPSEC WORKING GROUP LAST CALL Alex Alten
- Re: IPSEC WORKING GROUP LAST CALL Daniel Harkins
- Re: IPSEC WORKING GROUP LAST CALL Henry Spencer
- Re: IPSEC WORKING GROUP LAST CALL Henry Spencer
- RE: IPSEC WORKING GROUP LAST CALL Stephen Kent
- Re: IPSEC WORKING GROUP LAST CALL Raul Miller
- FW: IPSEC WORKING GROUP LAST CALL Patel, Baiju V
- Re: IPSEC WORKING GROUP LAST CALL Paul Koning