Re: header and data digest issue

To: Black_David@emc.com
Subject: Re: header and data digest issue
From: Jonathan Stone <jonathan@dsg.stanford.edu>
Date: Thu, 28 Feb 2002 15:12:33 -0800
cc: ips@ece.cmu.edu
In-reply-to: Your message of "Wed, 27 Feb 2002 20:13:28 EST." <277DD60FB639D511AC0400B0D068B71E02937514@CORPMX14>
Sender: owner-ips@ece.cmu.edu


>We're in semi-violent agreement that encryption isn't required.  For
>"ESP cryptographic integrity", one example is ESP with the NULL
>Encryption Algorithm, as specified in RFC 2410.  AH is not required
>for any IP Storage protocol and the ipsec WG is in the process of
>removing the requirement for AH from future versions of the ipsec RFCs.

... modulo IP header authentication and NATs. (iir, AH verifies the IP
header; ESP+Null enc+ Auth doesn't, or only via the TCP pseudo-header
checksum).  You and I are in fierce agreement; previous posters may
not be entirely happy with prospects of NATting ESP.


Given the issues with standards-track progress and in-progress IPsec
work, do the IPS security drafts explicilty make clear the rationale
for not requiring AH support?  The lastest ips-security draft
(http://www.drizzle.com/~aboba/RDMA/draft-ietf-ips-security-11.txt)
still cites rfc2402.  Should that be excised?

References:
- RE: header and data digest issue
  - From: Black_David@emc.com

Prev by Date: iSCSI: iSCSI MIB Draft Submitted
Next by Date: Re: Digests As Connection-Specific Parameters
Prev by thread: RE: header and data digest issue
Next by thread: RE: header and data digest issue
Index(es):
- Date
- Thread

Home

Last updated: Thu Feb 28 19:18:09 2002
8947 messages in chronological order