Re: [IPsec] Avoiding Authentication Header (AH)
RJ Atkinson <rja.lists@gmail.com> Mon, 02 January 2012 21:58 UTC
Return-Path: <rja.lists@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C44C11E80AD for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 13:58:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 80WNtEWH18pM for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 13:58:06 -0800 (PST)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id 992F211E8083 for <ipsec@ietf.org>; Mon, 2 Jan 2012 13:58:04 -0800 (PST)
Received: by qadb15 with SMTP id b15so9269272qad.10 for <ipsec@ietf.org>; Mon, 02 Jan 2012 13:58:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to:x-mailer; bh=DefwebdYN8RWwhyIlsYTFUv30mxOzqspW54UQy21k9g=; b=f1OMQaUyn5fp3VTSFjRq/QGDDRQhbHeYsoGarLeImkxTFPo/2/UPj/Lu97ErPemdhe nd9GBL9bJxAZU4X4QUXiedV/Ngo/+ZCHxqbyDvvVOqNiJ88CdzNIkSLEFeHxn9X6iYOf hU+o89sRfwr2grQAz7Ma2K23QAXmCxstXZbXE=
Received: by 10.224.203.67 with SMTP id fh3mr56994273qab.13.1325541483171; Mon, 02 Jan 2012 13:58:03 -0800 (PST)
Received: from [10.30.20.12] (pool-96-225-134-175.nrflva.fios.verizon.net. [96.225.134.175]) by mx.google.com with ESMTPS id ev2sm47376344qab.15.2012.01.02.13.58.02 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Jan 2012 13:58:02 -0800 (PST)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Apple Message framework v1251.1)
From: RJ Atkinson <rja.lists@gmail.com>
In-Reply-To: <CAA1nO72z3yuOYkwkHCDphmOsVrFtrgq-0xWviY7XRC2vMS9kFg@mail.gmail.com>
Date: Mon, 02 Jan 2012 16:58:01 -0500
Content-Transfer-Encoding: 7bit
Message-Id: <639319E3-7725-4F23-9F78-46BB49FCF172@gmail.com>
References: <12533D04-6B3F-490F-935B-4F1FA612C938@gmail.com> <CAA1nO72z3yuOYkwkHCDphmOsVrFtrgq-0xWviY7XRC2vMS9kFg@mail.gmail.com>
To: IPsec ME WG List <ipsec@ietf.org>
X-Mailer: Apple Mail (2.1251.1)
Subject: Re: [IPsec] Avoiding Authentication Header (AH)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jan 2012 21:58:07 -0000
On 02 Jan 2012, at 14:15 , Jack Kohn wrote: > In case of IPv4, which field in the IP header > are you most interested in protecting? An IPv4 example would be validating the [FIPS-188] IPv4 option, which can't be protected any other way. That option is supported by a range of operating systems, both commercial and open-source. I'm told by a a major computer vendor that Linux supports this for both IPv4 and IPv6. The option reportedly is deployed in environments ranging from certain large financial institutions to governments. Some devices that perform IP routing also perform security checks that ensure the label on a given packet is in range for the output interface; end systems also separately need to trust the label integrity. Similar IPv6 examples exist. Yours, Ran
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Venkatesh Sriram
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] WESP and reliability RJ Atkinson
- Re: [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] WESP and reliability Bhatia, Manav (Manav)
- Re: [IPsec] WESP and reliability Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Sean Turner
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Markku Savela
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Yoav Nir
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Panos Kampanakis