Re: doi-07/interoperability questions

"Eric L. Wong" <ewong@zk3.dec.com> Wed, 11 March 1998 16:33 UTC

Date: Wed, 11 Mar 1998 11:52:50 -0500
From: "Eric L. Wong" <ewong@zk3.dec.com>
To: CJ Gibson <cjgibson@semaphorecom.com>
Cc: Ben Rogers <ben@Ascend.COM>, Robert Moskowitz <rgm-sec@htt-consult.com>, ipsec@tis.com
Subject: Re: doi-07/interoperability questions

No, I am not advocating such at all.  I misinterpreted the original
post.  I get the picture now, as explained by Ben.

/eric

CJ Gibson wrote:
> 
> I don't believe we should delete either 2 or 4 but I didn't think that's
> what Ben meant by "not support AH (tunnel) and ESP (transport)". I
> assumed this meant "not support [these] together on the same packet".
> You aren't seriously advocating the removal of AH-tunnel mode, are you?
> I also don't see the use of adding 6.
> 
> --CJ
> 

=======
Ben Rogers wrote:
> > Is this correct?
> 
> Nope.  All I'm suggesting is that we have a way to negotiate 5 followed
> by 1 in ISAKMP.  The net result being:
> 
> [IP1][upper]
> [IP2][ESP][IP1][upper]
> [IP2][AH][ESP][IP1][upper]
> 
> I used to think that 6 was necessary, but was convinced this was not a
> valid combination by Stephen Kent at the December IETF (AH is no longer
> in tunnel mode).  You can, however, emulate it using the 5+1
> combination.  This was what I was suggesting in the AH (transport) + ESP
> (tunnel) proposal.
> 
> 
> ben
> 
>