Re[2]: AH (without ESP) on a secure gateway

"Whelan, Bill" <bwhelan@nei.com> Wed, 04 December 1996 13:29 UTC

Date: Wed, 04 Dec 1996 08:29:49 -0500
From: "Whelan, Bill" <bwhelan@nei.com>
Message-Id: <9611048497.AA849717071@netx.nei.com>
To: mcr@sandelman.ottawa.on.ca, Stephen Kent <kent@bbn.com>
Cc: ipsec@tis.com
Subject: Re[2]: AH (without ESP) on a secure gateway

>I maintained that it makes sense to use AH between a pair of firewalls 
>ONLY if the header is applied to a tunneled SA.  Once we agree on that, 
>the rest ought to be easy.

I agree (now :-)) completely.  This discussion started when something which 
was obvious to most people was not obvious to me.  It appeared the document 
allowed (advocated?) transport mode on a secure gateway which made no sense 
to me.

But then I've always subscribed to the philosophy that "it is better to 
state the obvious than to assume everyone knows it!"

Sorry for the confusion and thanks to everyone for straightening me out.

Bill