Re: AH (without ESP) on a secure gateway
Ran Atkinson <rja@cisco.com> Wed, 04 December 1996 18:43 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id NAA27241 for ipsec-outgoing; Wed, 4 Dec 1996 13:43:11 -0500 (EST)
Date: Wed, 04 Dec 1996 10:45:09 -0800
From: Ran Atkinson <rja@cisco.com>
Message-Id: <199612041845.KAA01568@cornpuffs.cisco.com>
To: ben@ascend.com
Subject: Re: AH (without ESP) on a secure gateway
In-Reply-To: <199611262230.RAA27739@carp.morningstar.com>
References: <199611261929.OAA01715@thunk.orchard.medford.ma.us>
Organization: cisco Systems
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Earlier, someone (possibly Bill Sommerfeld) wrote: >> The "policy engines" on each end need to be sophisticated enough to >> deal with things like this. In particular, if ip-address based access >> controls are in use, then the policy engine should probably do >> consistency checks between the SPI and the source address.. Absolutely true. Such checks are important to prevent certain kinds of attacks and have ALWAYS been present in the NRL implementation. In article <199611262230.RAA27739@carp.morningstar.com> Ben wrote: >I believe the RFC states that the Security Association(SA) is >chosen using only the destination address and the SPI. Incorrect. It says that the receiver is capable of locating the SA for the received packet by using SPI and Destination Address. Ran rja@cisco.com
- AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway pau
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway William Allen Simpson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway David P. Kemp
- Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: AH (without ESP) on a secure gateway Hilarie Orman
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Karl Fox
- Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Perry E. Metzger
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Ran Atkinson
- Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer