Re: "user" and "network layer" security. reply to respondents.

"M.C.Nelson" <netsec@panix.com> Fri, 30 August 1996 13:56 UTC

Date: Fri, 30 Aug 1996 09:59:49 -0400
From: "M.C.Nelson" <netsec@panix.com>
To: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Cc: nelson@mcn.netsec.com, PALAMBER@us.oracle.com, ipsec@TIS.COM
Subject: Re: "user" and "network layer" security. reply to respondents.
In-Reply-To: <199608291915.PAA00215@thunk.orchard.medford.ma.us>
Message-Id: <Pine.SUN.3.91.960830095654.26224C-100000@panix.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

Bill,

The transport layer doesn't have "user" either.  Adding a "user" concept
in a new layer between the transport and network layer still breaks the
network architecture.

Regards,
Mitch Nelson
netsec@panix.com




On Thu, 29 Aug 1996, Bill Sommerfeld wrote:

> Another way of looking at ipsec is that the transforms are really a
> layer *in between* network and transport.
> 
> You're not so much adding a "user" concept at the network layer as
> adding a new layer next to the transport layer, which already has a
> concept of "user".
> 
> 					- Bill
> 

Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;, tis.com@TIS.COM
Cc: ipsec@TIS.COM
From: Internet-Drafts@ietf.org
Reply-To: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-ipsec-ah-hmac-md5-02.txt
Date: Fri, 30 Aug 1996 09:41:20 -0400
Message-Id:  <9608300941.aa18298@ietf.org>
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

--NextPart

A Revised Internet-Draft is available from the on-line Internet-Drafts 
directories. This draft is a work item of the IP Security Protocol Working
Group of the IETF.                                                        

Note: This revision reflects comments received during the last call period.

       Title     : HMAC-MD5 IP Authentication with Replay Prevention       
       Author(s) : M. Oehler, R. Glenn
       Filename  : draft-ietf-ipsec-ah-hmac-md5-02.txt
       Pages     : 7
       Date      : 08/29/1996

This document describes a keyed-MD5 transform to be used in conjunction 
with the IP Authentication Header [RFC-1826]. The particular transform is 
based on [HMAC-MD5].  An option is also specified to guard against replay 
attacks.                                                                   

Internet-Drafts are available by anonymous FTP.  Login with the username
"anonymous" and a password of your e-mail address.  After logging in,
type "cd internet-drafts" and then
     "get draft-ietf-ipsec-ah-hmac-md5-02.txt".
A URL for the Internet-Draft is:
ftp://ds.internic.net/internet-drafts/draft-ietf-ipsec-ah-hmac-md5-02.txt
 
Internet-Drafts directories are located at:	
	                                                
     o  Africa                                   
        Address:  ftp.is.co.za (196.4.160.8)	
	                                                
     o  Europe                                   
        Address:  nic.nordu.net (192.36.148.17)	
        Address:  ftp.nis.garr.it (193.205.245.10)
	                                                
     o  Pacific Rim                              
        Address:  munnari.oz.au (128.250.1.21)	
	                                                
     o  US East Coast                            
        Address:  ds.internic.net (198.49.45.10)	
	                                                
     o  US West Coast                            
        Address:  ftp.isi.edu (128.9.0.32)  	
	                                                
Internet-Drafts are also available by mail.	
	                                                
Send a message to:  mailserv@ds.internic.net. In the body type: 
     "FILE /internet-drafts/draft-ietf-ipsec-ah-hmac-md5-02.txt".
							
NOTE: The mail server at ds.internic.net can return the document in
      MIME-encoded form by using the "mpack" utility.  To use this
      feature, insert the command "ENCODING mime" before the "FILE"
      command.  To decode the response(s), you will need "munpack" or
      a MIME-compliant mail reader.  Different MIME-compliant mail readers
      exhibit different behavior, especially when dealing with
      "multipart" MIME messages (i.e., documents which have been split
      up into multiple messages), so check your local documentation on
      how to manipulate these messages.
							
For questions, please mail to Internet-Drafts@ietf.org
							

--NextPart--