[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG next steps

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: WG next steps
From: RJ Atkinson <rja@extremenetworks.com>
Date: Fri, 15 Nov 2002 21:48:00 -0500
Cc: multi6@ops.ietf.org
In-reply-to: <200211150520.gAF5KVts004942@sandelman.ottawa.on.ca>

On Friday, Nov 15, 2002, at 00:20 America/Montreal, Michael Richardson wrote:

If you do IPsec between every set of end-points, then you can easily insert
the appropriate End-point-identifiers for the transport layer. Bellovin has
pointed out that once you've authenticated the packet via IPsec, you just
don't care what's in the IP header. (This is often an argument why against
AH.)

There is an attack that Bellovin overlooks, so AH actually does matter.
(Caveat: This is controversial, because I *never* am first to discuss attacks
in public.)

Ran

References:
- Re: WG next steps
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: WG next steps
Next by Date: Re: WG next steps
Previous by thread: Re: WG next steps
Next by thread: RE: WG next steps
Index(es):
- Date
- Thread