Re: Re[4]: AH (without ESP) on a secure gateway

Bill Sommerfeld <sommerfeld@apollo.hp.com> Mon, 02 December 1996 23:08 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA22859 for ipsec-outgoing; Mon, 2 Dec 1996 18:08:19 -0500 (EST)
Message-Id: <199612022310.SAA00742@thunk.orchard.medford.ma.us>
X-Authentication-Warning: thunk.orchard.medford.ma.us: sommerfeld owned process doing -bs
To: "Whelan, Bill" <bwhelan@nei.com>
Cc: kent@bbn.com, ho@earth.hpc.org, ipsec@tis.com
Subject: Re: Re[4]: AH (without ESP) on a secure gateway
In-Reply-To: bwhelan's message of Mon, 02 Dec 1996 17:27:43 -0500. <9611028495.AA849576552@netx.nei.com>
Date: Mon, 02 Dec 1996 18:10:28 -0500
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

> Well I'm not sure I understand the notation (AH defined in RFC 1826 
> doesn't have source/destination addresses), but I was thinking of the 
> former case.

What I meant by "AH[x->y]" was AH using an SA or SPI from x to y..

In other words, x and y know the SA's key; y allocated the SPI, and is
prepared to receive traffic authenticated using the key.

Does that make sense?

						- Bill