Re[5]: AH (without ESP) on a secure gateway

Stephen Kent <kent@bbn.com> Tue, 03 December 1996 03:33 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id WAA23158 for ipsec-outgoing; Mon, 2 Dec 1996 22:33:55 -0500 (EST)
X-Sender: kent@po1.bbn.com
Message-Id: <v0300780faec94feaf381@[128.33.229.237]>
In-Reply-To: <9611028495.AA849580455@netx.nei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 02 Dec 1996 22:37:30 -0500
To: "Whelan, Bill" <bwhelan@nei.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re[5]: AH (without ESP) on a secure gateway
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Bill,

	I agree that the IP-AH-IP configuration is "legal" and the
question, as you mentioned, is whether it is required.  Our rewrite of the
architecture, ESP and AH documents (which have not been distributed yet)
addresses these questions with some proposals, but the WG as a whole needs
to consider these minimum essential requirements questions.  The recently
revised architecture I-D has only a small number of my proposed changes in
it, but it does broach the subject of what a compliant AH or ESP
implementation must support at either a host or gateway.  It's not
complete, though.

Steve