Re[5]: AH (without ESP) on a secure gateway
"Whelan, Bill" <bwhelan@nei.com> Mon, 02 December 1996 23:34 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA22902 for ipsec-outgoing; Mon, 2 Dec 1996 18:34:19 -0500 (EST)
Date: Mon, 02 Dec 1996 18:32:55 -0500
From: "Whelan, Bill" <bwhelan@nei.com>
Message-Id: <9611028495.AA849580455@netx.nei.com>
To: Karl Fox <karl@ascend.com>
Cc: sommerfeld@apollo.hp.com, kent@bbn.com, ho@earth.hpc.org, ipsec@tis.com
Subject: Re[5]: AH (without ESP) on a secure gateway
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
>Bill Whelan writes: >> >Hmm. Which "protocol tower" are we talking about, anyhow? > >> > IP[H1->H2],AH[R1->R2],... >> >> >or >> >> > IP[R1->R2],AH[R1->R2],IP[H1->H2],... > >> >(R1,R2 are routers, H1,H2 are hosts; the problem is only interesting > >>if we assume H2 != R2). >... >> Unless I'm really confused, the latter case is not even provided for in the >> specifications... >I certainly hope the latter case is legal, because it's used by quite a >number of encrypting firewalls. Oh, I am quite certain it is legal. What I'm wondering is whether it is REQUIRED (two very different things). From some of the discussion I've seen in the last week, this appears to be an assumed requirement. I just don't see it REQUIRED by the IPSEC documents. >-- >Karl Fox, servant of God, employee of Ascend Communications >3518 Riverside Drive, Suite 101, Columbus, Ohio 43221 +1 614 326 6841 Bill
- AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway pau
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway William Allen Simpson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway David P. Kemp
- Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: AH (without ESP) on a secure gateway Hilarie Orman
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Karl Fox
- Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Perry E. Metzger
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Ran Atkinson
- Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer