Re: [IPsec] Avoiding Authentication Header (AH)

RJ Atkinson <rja.lists@gmail.com> Tue, 03 January 2012 01:26 UTC

On 02 Jan 2012, at 19:54, Bhatia, Manav (Manav) wrote:
> And most of these are considered dangerous and are generally discouraged.
> 
> http://tools.ietf.org/html/rfc6398

That RFC says the Router Alert Option might be abused
by malicious transit traffic in global public transit 
networks, depending in part upon the quality of one's
router implementation(s).

It also says that the Router Alert Option can be deployed
safely, for example within an Administrative Domain
or in an Overlay deployment.

It does not say that all hop-by-hop options are always bad.
In fact, it says that they are often useful and can be
deployed safely.

Yours,

Ran