
Re: Extension header vs destination option



On Tue, 26 Apr 2005, marcelo bagnulo braun wrote:
> In addition there is the issue brought by Iljitsch, about the destination option header being processed after the IPSec related header. This seems to be in opposition with the architecture of the shim, where the shim resides below the IPsec.
> However, if a new extension header is used, then the order is perfectly defined and could be placed properly w.r.t. IPSec.

Destination options can be placed before routing, fragment or AH/ESP headers (see RFC2460 section 4.1), so this is not an issue.


The issue about different destination options inside the destination options header may be worth considering, though. I think there may be other issues stemming over from MIPv6 security design as well. (Like, does the shim6 stuff need to be used as IPsec selectors, which might be challenging for dest options.)

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
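
The header ordering discussed in this message, as an added example that is not part of the original e-mail: a walker for the IPv6 extension header chain that reports whether each Destination Options header sits before or after AH/ESP. The function names and the sample packet are constructed for illustration; header sizes follow RFC 2460, and the AH length field counts 32-bit words minus 2.

```python
import struct

# IPv6 Next Header values (IANA protocol numbers)
HBH, ROUTING, FRAGMENT, ESP, AH, NONE, DSTOPTS = 0, 43, 44, 50, 51, 59, 60
NAMES = {HBH: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
         ESP: "esp", AH: "ah", DSTOPTS: "dstopts"}

def walk_chain(packet):
    """List extension headers in wire order, starting after the fixed 40-byte header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while nxt in NAMES:
        chain.append(NAMES[nxt])
        if nxt == ESP:                      # everything after the ESP header is encrypted
            break
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length_field = packet[off], packet[off + 1]
        if nxt == FRAGMENT:
            size = 8                        # fixed size
        elif nxt == AH:
            size = (length_field + 2) * 4   # 32-bit words, minus 2
        else:
            size = (length_field + 1) * 8   # 8-octet units, not counting the first
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        nxt, off = following, off + size
    return chain

def dstopts_positions(chain):
    """Classify each Destination Options header relative to AH/ESP."""
    seen_ipsec, out = False, []
    for name in chain:
        if name in ("ah", "esp"):
            seen_ipsec = True
        elif name == "dstopts":
            out.append("after-ipsec" if seen_ipsec else "before-ipsec")
    return out

def sample_packet():
    """Constructed packet: DstOpts -> AH -> DstOpts -> No Next Header."""
    padn = bytes([1, 4, 0, 0, 0, 0])             # PadN option filling 6 octets
    dst1 = bytes([AH, 0]) + padn
    ah = bytes([DSTOPTS, 4]) + bytes(22)         # 24 octets, zeroed SPI/sequence/ICV
    dst2 = bytes([NONE, 0]) + padn
    payload = dst1 + ah + dst2
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), DSTOPTS, 64) + bytes(32)
    return fixed + payload

if __name__ == "__main__":
    print(dstopts_positions(walk_chain(sample_packet())))
```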