Re[4]: AH (without ESP) on a secure gateway
"Whelan, Bill" <bwhelan@nei.com> Mon, 02 December 1996 22:29 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA22802 for ipsec-outgoing; Mon, 2 Dec 1996 17:29:15 -0500 (EST)
Date: Mon, 02 Dec 1996 17:27:43 -0500
From: "Whelan, Bill" <bwhelan@nei.com>
Message-Id: <9611028495.AA849576552@netx.nei.com>
To: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Cc: kent@bbn.com, ho@earth.hpc.org, ipsec@tis.com
Subject: Re[4]: AH (without ESP) on a secure gateway
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
>Hmm. Which "protocol tower" are we talking about, anyhow? > IP[H1->H2],AH[R1->R2],... >or > IP[R1->R2],AH[R1->R2],IP[H1->H2],... >(R1,R2 are routers, H1,H2 are hosts; the problem is only interesting >if we assume H2 != R2). Well I'm not sure I understand the notation (AH defined in RFC 1826 doesn't have source/destination addresses), but I was thinking of the former case. OOPS, I just noticed there is an internet draft more recent than RFC 1826. I'll go over this to see if I need to take anything back(:-(). >The latter case has "outer headers" and "inner headers". Unless I'm really confused, the latter case is not even provided for in the specifications... Or are you saying that security gateways which provide AH MUST implement some type of IP (ESP or other) tunneling? I don't see that required by the documents. >I can see ways of making the former case "work" when H2 doesn't do >AH, but if H2 does, you have to worry about SPI collisions between >the ones assigned by H2 and the ones assigned by R2.. > - Bill Bill W.
- AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway pau
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway William Allen Simpson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway David P. Kemp
- Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: AH (without ESP) on a secure gateway Hilarie Orman
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Karl Fox
- Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Perry E. Metzger
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Ran Atkinson
- Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer