Re[5]: AH (without ESP) on a secure gateway

"Whelan, Bill" <bwhelan@nei.com> Mon, 02 December 1996 23:34 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA22902 for ipsec-outgoing; Mon, 2 Dec 1996 18:34:19 -0500 (EST)
Date: Mon, 02 Dec 1996 18:32:55 -0500
From: "Whelan, Bill" <bwhelan@nei.com>
Message-Id: <9611028495.AA849580455@netx.nei.com>
To: Karl Fox <karl@ascend.com>
Cc: sommerfeld@apollo.hp.com, kent@bbn.com, ho@earth.hpc.org, ipsec@tis.com
Subject: Re[5]: AH (without ESP) on a secure gateway
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

>Bill Whelan writes:
>> >Hmm.  Which "protocol tower" are we talking about, anyhow?
>> >
>> > IP[H1->H2],AH[R1->R2],...
>>
>> >or
>>
>> > IP[R1->R2],AH[R1->R2],IP[H1->H2],...
>> >
>> >(R1,R2 are routers, H1,H2 are hosts; the problem is only interesting
>> >if we assume H2 != R2).
>...
>> Unless I'm really confused, the latter case is not even provided for in the 
>> specifications...

>I certainly hope the latter case is legal, because it's used by quite a 
>number of encrypting firewalls.

Oh, I am quite certain it is legal.  What I'm wondering is whether it is 
REQUIRED (two very different things).  From some of the discussion I've seen 
in the last week, this appears to be an assumed requirement.  I just don't 
see it REQUIRED by the IPSEC documents.
>-- 
>Karl Fox, servant of God, employee of Ascend Communications
>3518 Riverside Drive, Suite 101, Columbus, Ohio 43221   +1 614 326 6841

Bill