Re: data origin authentication

Michael Richardson <mcr@sandelman.ottawa.on.ca> Tue, 07 May 2002 18:39 UTC

Message-Id: <200205071752.g47Hqfh11664@marajade.sandelman.ottawa.on.ca>
To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: Re: data origin authentication
In-reply-to: Your message of "Tue, 07 May 2002 18:41:40 +0200." <E76F715C0429D5118F2100508BB9EDEE036FE96C@hrtades7.atea.be>
Date: Tue, 07 May 2002 13:52:40 -0400
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

>>>>> "Goeman" == Goeman Stefan <Stefan.Goeman@siemens.atea.be> writes:
    Goeman> If you don't really need to authenticate the header to obtain
    Goeman> data origin authentication, why does AH (RFC 2402) also
    Goeman> authenticate the IP header, and not only the IP payload?

  Please see the archives.

  AH is generally considered a historical accident.
  I think that it will still prove useful, but not for most people this
decade.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [