Re: [IPsec] WESP - Roadmap Ahead

Stephen Kent <kent@bbn.com> Fri, 13 November 2009 02:14 UTC

Date: Thu, 12 Nov 2009 20:33:11 -0500
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
From: Stephen Kent <kent@bbn.com>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Merike@core3.amsl.com, Kaeo <merike@doubleshotsecurity.com>, Daniel Migault <mglt.ietf@gmail.com>

At 6:48 AM +0530 11/13/09, Bhatia, Manav (Manav) wrote:
>Daniel,
>
>>  AH is a security feature we need to keep for header authentication
>
>Am really not sure about the value that AH adds even in case of 
>header authentication.
>
>So what fields does AH protect:
>
>Version, Payload length, Next Header, Source IP and dest IP

You forgot IPv4 and IPv6 options that have predictable values at the 
destination.

Steve
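
Added example, not part of the message above or of the thread: how an IPv4 header, including its options, enters the AH integrity check value (ICV) computation, with mutable fields and options zeroed and immutable options covered as sent. The option classification follows RFC 4302 Appendix A; the function names and the sample header are constructed for illustration.

```python
import struct

# IPv4 option types that RFC 4302 Appendix A classifies as immutable:
# EOL, NOP, Security, Extended Security, Commercial Security, Router Alert,
# Sender Directed Multi-Destination Delivery. Everything else is zeroed.
IMMUTABLE_OPTS = {0, 1, 130, 133, 134, 148, 149}

def ah_icv_view(header: bytes) -> bytes:
    """Return the IPv4 header bytes as they enter the AH ICV computation."""
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    view = bytearray(header[:ihl])
    view[1] = 0                    # DSCP/ECN: mutable
    view[6:8] = b"\x00\x00"        # flags and fragment offset: mutable
    view[8] = 0                    # TTL: mutable
    view[10:12] = b"\x00\x00"      # header checksum: mutable
    i = 20
    while i < ihl:
        opt = view[i]
        if opt == 0:               # End of Options List, padding follows
            break
        if opt == 1:               # No Operation is a single byte
            i += 1
            continue
        length = view[i + 1] if i + 1 < ihl else 0
        if length < 2 or i + length > ihl:
            raise ValueError("malformed IPv4 option")
        if opt not in IMMUTABLE_OPTS:
            view[i:i + length] = bytes(length)   # the whole option is zeroed
        i += length
    return bytes(view)

def sample_header(ttl=64, src=b"\xc0\x00\x02\x01", rr_ptr=4, rr_slot=bytes(4)):
    """Constructed 32-byte header: Router Alert, Record Route, NOP; protocol 51."""
    opts = bytes([148, 4, 0, 0]) + bytes([7, 7, rr_ptr]) + rr_slot + b"\x01"
    # Checksum is a constructed filler value; AH zeroes the field anyway.
    fixed = struct.pack("!BBHHHBBH4s4s", 0x48, 0, 56, 0x1234, 0, ttl, 51,
                        0xBEEF, src, b"\xc6\x33\x64\x07")
    return fixed + opts

if __name__ == "__main__":
    sent = sample_header()
    received = sample_header(ttl=61, rr_ptr=8, rr_slot=b"\xcb\x00\x71\x01")
    altered = sample_header(src=b"\xc0\x00\x02\x63")
    print("in-transit changes ignored:", ah_icv_view(sent) == ah_icv_view(received))
    print("source change detected:   ", ah_icv_view(sent) != ah_icv_view(altered))
```

The view covers only the outer IP header; the AH header itself (with its ICV field zeroed) and the upper-layer payload are also part of the real ICV input.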