Re: header and data digest issue
>We're in semi-violent agreement that encryption isn't required. For
>"ESP cryptographic integrity", one example is ESP with the NULL
>Encryption Algorithm, as specified in RFC 2410. AH is not required
>for any IP Storage protocol and the ipsec WG is in the process of
>removing the requirement for AH from future versions of the ipsec RFCs.

... modulo IP header authentication and NATs. (iir, AH verifies the IP header; ESP+Null enc+ Auth doesn't, or only via the TCP pseudo-header checksum).

You and I are in fierce agreement; previous posters may not be entirely happy with prospects of NATting ESP.

Given the issues with standards-track progress and in-progress IPsec work, do the IPS security drafts explicitly make clear the rationale for not requiring AH support? The latest ips-security draft (http://www.drizzle.com/~aboba/RDMA/draft-ietf-ips-security-11.txt) still cites rfc2402. Should that be excised?
Last updated: Thu Feb 28 19:18:09 2002