[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Re: Six/One Router revised 2008-07-12 - IPsec




Robin -

                I can't see how Six/One Router's Unilateral mode
                could support IPsec authentication of the IPv6
                header.

You are correct.  In backwards compatibility mode, Six/One Router
breaks IPsec Authentication Header.  It's the same as with NATs.
Packet exchanges between two upgraded edge networks don't have this
limitation.  And packet exchanges in IPsec ESP don't have it either.
But packet exchanges in IPsec AH with legacy edge networks do.  One
may argue that this is acceptable because IPsec AH is not widely used,
but that is clearly a personal opinion.

- Christian



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg